Security Error with SSL on checkout page

7 replies [Last post]

Fri, 03/20/2009 - 13:50

Myron

Offline

Joined: 03/17/2009

Juice: 5

I'm setting up ubercart with an ssl certificate for a product here:
http://www.shinglerecycling.org/content/4th-asphalt-shingle-recycling-fo...

When I enable securepages for the checkout process the payment method is stuck on the Ajax bar. Using Firefox I get the following:

Security Error: Content at https://www.shinglerecycling.org/?q=cart/checkout/line_items may not load data from http://www.shinglerecycling.org/content/home?q=cart/checkout/line_items.

Security Error: Content at https://www.shinglerecycling.org/?q=cart/checkout/payment_details/credit may not load data from http://www.shinglerecycling.org/content/home?q=cart/checkout/payment_det....

Right now secure pages is disabled, but while enabled I had the following pages set to secure:
node/add*
node/*/edit
user/*
admin*
cart/checkout
cart/checkout/line-items
cart/checkout/review
cart/checkout/payment_details/credit
?q=cart/checkout/payment_details/credit
cart/checkout/payment_details/*
cart/checkout/complete
uc*

None of these seemed to make a difference. Firebug indicates that jquery.js is getting 301 Redirects on:
https://www.shinglerecycling.org/content/home?q=cart/checkout/line_items and
https://www.shinglerecycling.org/content/home?q=cart/checkout/payment_de...
Both redirecting to their http versions.

There was a suggestion here:
http://www.ubercart.org/forum/support/3380/failing_ajax_call_checkout_ssl
to edit line 52 of uc_payment_checkout_pane.inc, but what would I put there instead?

Any other suggestions?

Thank you,
Myron

Fri, 03/20/2009 - 14:03

#1 View page

torgosPizza

Offline

Joined: 08/14/2007

Juice: 4110

Re: Security Error with SSL on checkout page

One issue is that you have this line:
cart/checkout/line-items

But it should be:
cart/checkout/line_items (note the underscore, instead of dash, in "line_items")

The rest of it looks okay although you don't need the entry with ?q= anywhere in it, since Secure Pages requires Clean URLs.

--
Help directly fund development: Donate via PayPal!

Mon, 04/27/2009 - 18:26

#2 View page

AntoineSolutions

Offline

Joined: 05/02/2008

Juice: 166

Same Issue

I am having a similar issue to Myron's.

I am upgrading a Drupal site from Drupal 5.x to 6.x. I am not receiving the security error, but the payment method ajax bar is stuck (doesn't resolve). The firebug console shows the following:

POST https://www.oregonaero.com/?q=cart/checkout/payment_details/cod 301 Moved Permanently

Notice the url is not in clean url mode, although clean urls is enabled.

When visiting the link (https://www.oregonaero.com/?q=cart/checkout/payment_details/cod) in the browser, it is correctly redirected to the clean ulr (https://www.oregonaero.com/cart/checkout/payment_details/cod) and the form appears.

My Secure Pages settings are as follows:
Enabled: TRUE
Switch back to http pages when there are no matches: TRUE
Non-Secure Base URL: http://www.oregonaero.com
Secure Base URL: https://www.oregonaero.com
Make secure only the listed pages
node/add*
node/*/edit
user/*
admin*
cart/checkout*
Ignore Pages
*/autocomplete/*
*/ajax/*

Thought I would to see if anyone had any ideas before I go debugging. Thanks for any and all help.

Cheers,

Jon Antoine
Antoine Solutions
Free Open Source PHP IDE

Mon, 04/27/2009 - 19:14

#3 View page

AntoineSolutions

Offline

Joined: 05/02/2008

Juice: 166

Not related to Secure Pages Module?

A quick update,

I have disabled and uninstalled the secure pages module.

When visiting the /cart/checkout page via http, firebug shows the "POST http://www.oregonaero.com/?q=cart/checkout/payment_details/*" url with a permanent redirect. Seconds later a "GET http://www.oregonaero.com/cart/checkout/payment_details/*" appears and the content displayed.

When visiting the /cart/checkout page via https, firebug shows the "POST https://www.oregonaero.com/?q=cart/checkout/payment_details/*" url with a permanent redirect. A GET command for the clean url is never sent.

When visiting the secured url "https://www.oregonaero.com/?q=cart/checkout/payment_details/*" in a browser, it is incorrectly being redirect to its unsecured version "http://www.oregonaero.com/cart/checkout/payment_details/*".

It appears this could be a bug with the url redirects in my .htaccess file. I'll do some more testing and report back the results.

Cheers,

Jon Antoine
Antoine Solutions
Free Open Source PHP IDE

Tue, 04/28/2009 - 14:54

#4 View page

AntoineSolutions

Offline

Joined: 05/02/2008

Juice: 166

Issue Resolved

It turns out setting the $base_url in your settings.php file has its negative side effects, although this was never an issue with Drupal 5. Because $base_url was set with http in the settings.php file, all url's that were constructed via the url() function were forced to use http. Global Redirect was the module forcing the redirect. This was calling drupal_goto() which was calling url() which was using $base_url to construct all urls. I hope this helps anyone else that runs into this issue.

Cheers,

Jon Antoine
Antoine Solutions
Free Open Source PHP IDE

Sat, 06/13/2009 - 16:23

#5 View page

jeffonetwoten

Offline

Joined: 12/13/2008

Juice: 34

Re: Issue Resolved

Turning off the Global Redirect deslash, case sensitive, and deslash made the same issue go away for me.

Jeff

Tue, 07/28/2009 - 12:50

#6 View page

phlows

Offline

Joined: 07/27/2009

Juice: 11

Re: Re: Issue Resolved

I followed Antoine's advice and uncommented the $base_url from the settings.php file and voila, everything works! thanks antoine you rock

Wed, 10/06/2010 - 12:33

#7 View page

philpro

Offline

Joined: 10/06/2010

Juice: 5

Uber kudo's for solution

Thanks all — I don't know how I would have cracked this one otherwise — the project I am working on is so incredibly complex I would have never thought to disable global redirect.

My solution was to completely disable the Global Redirect module.

	User login
	Log in using OpenID: What is OpenID? Username or e-mail: * Password: * Remember me Log in using OpenID Cancel OpenID login Create new account Request new password

Ubercart

Navigation

User login