Trying to setup SSL on the Magento checkout pages but have run into this issue:
After payment details are submitted, the payment goes through fine (checked with sagepay) but when sagepay redirect to the success page (/sagepay/server/success/?SID=session_id), it then tries to redirect to /checkout/onepage/success/, where I get an error saying my cart is empty.
This only happens when SSL is enabled, if I turn off secure urls (in the magento backend), everything works fine.
I'm using the Pod1_SagePay extension, in the iframe mode.
Any idea where it might go wrong?
Did you check Ebizmarts Sage Pay Suite CE ?
I've tried the new free ebizmarts extension, Sage Pay Suite CE, it supports Server integration and it works pretty well.
Related
I'm trying to build an hotspot with mikrotik to allow the internet to my clients! So, the problem starts when i'm trying to access sites with Https sercurity like facebook, before the user authenticates.
With normal http connection the hotspot works fine, but when i put https, i'm getting this error: error
Can someone please help me? I have read all the docs in the mikrotik forum, nothing worked!
it's good news that nothing worked because it's the purpose of HTTPS: ensure that the site you want is the site you get. Hotspot does exactly the reverse: you ask for a website and you get another one (hotspot landing page): error.
There is no workaround without installing your certificate on each client, which is not doable on a hotspot environment.
Hopefully, problem has been handled with CNAs (Captive Network Assistants) which detect hotspot presence and launch an automatic HTTP request before the user has time to launch its own browser and navigate to Facebook. Latest iOS/Android/Windows versions do that automatically.
I am using an iFrame which is hosted on another domain that has an SSL certificate. On the page where the iFrame is used I get 'Not Secure' message next to the domain in Google Chrome and the following warning in the console log:
This page includes a password or credit card input in a non-secure
context. A warning has been added to the URL bar. For more
information.
Note: The iFrame loads an online booking portal which includes both login details and credit card information.
In order to prevent this message from showing, would I need to purchase an SSL certificate?
I'm asking because I don't want to order one if it doesn't resolve the issue, there is a way around this without having to get a SSL certificate or if it's just not worth getting one for this situation.
Your thoughts would be highly appreciated.
Thanks in advance.
To help users browse the web safely, Chrome indicates connection
security with an icon in the address bar. Historically, Chrome has not
explicitly labelled HTTP connections as non-secure. Beginning in
January 2017 (Chrome 56), we’ll mark HTTP pages that collect passwords
or credit cards as non-secure, as part of a long-term plan to mark all
HTTP sites as non-secure.
It applies to all sites that are not https.
Do check for any website which have login information and doesn't have https, you can view the username and password in the chrome developer window.
security page documentation
I'm working on a web application that uses the google earth plugin. Recently, a new requirement to have non-public users logon was added, which meant that some users were now using the site over https. Among the things that broke in testing were the custom placemark icons (They were working using http).
The icons are hosted on the same server which servers the page.
Here are the urls for each of the protocols.
http - http://localhost/Images/yellow.png
https - https://localhost/Images/yellow.png
I can follow that link and the image will appear as you would expect.
The images hrefs are declared as icon styles in dynamically generated kml.
I want to avoid loading the images over http because I think that will cause internet explorer to present the user with a mixed content warning.
How do I get the images to load properly while using https?
I have been wrestling with this myself -- the short answer is that this won't work. If the content is served off of an HTTPS site that generates any kind of error/prompt (authentication, invalid certificate, etc.) the plugin will simply not load the content.
Interestingly, the desktop client works fine and prompts the user for credentials if necessary. However, neither client will allow content to be served off of site with an untrusted certificate.
The only workaround that I have found is:
Use a trusted HTTPS certificate on the server hosting the content (either trust the certificate on the client systems or just use a real certificate.)
Do not use HTTPS basic auth as that will always generate 401/Challenge responses which the web browser client will simply ignore
If authentication is a requirement, use NTLM authentication and common (e.g., domain) logins. If you load the plugin in Interent Explorer (or in a .NET WebBrowserControl) the authentication will be handled properly and the images will show up.
I was at a Google Earth administrator's training last week and the trainer confirmed this "bug". It is supposed to be fixed in the next version of the plugin (it may actually be fixed already -- what version of the plugin are you using?)
I have a ruby on rails 3 app hosted on heroku with a custom domain. It uses oauth to allow the user to log in through Facebook. After a user logs in through Facebook, the next time they type in our domain in Firefox (tested on FF 15.0.1 on Mac) it automatically fills in https before the address (So the user is used to typing "example.com" into the address bar and pressing ENTER, but Firefox changes that to https://www.example.com). This of course shows the "This Connection is Untrusted" warning page (http://support.mozilla.org/en-US/kb/connection-untrusted-error-message) since we do not have an SSL certificate instead of loading our page.
This only seems to happen with Firefox (tested on Chrome and Safari as well).
I've tried redirecting the rails action that we point to for root to the http protocol version using this example (http://captico.com/securing-specific-routes-in-rails-3/2011/02), but that didn't work. I've also tried adding the ssl_requirement gem (https://github.com/bartt/ssl_requirement) and excluding the action that we point to for the root domain, but then I just got a bad URI error.
We're in money saving mode right now as we test out the site and slowly grow in users. I believe the best thing to do is to pay the money for our own SSL cert, as well as the $20/month to heroku to get SSL for our custom domain. But for now, we'd like to avoid having these extra costs.
Is there a way to fix this for free?
To fix it for free, use the *.herokuapp.com domain instead of a custom domain.
I really dont know what is the problem nor does my website hosting providers. Im using wordpress to run my business and Im using a shop plugin called "Shopp". Whenever I fill in the Paypal Pro details to process credit card on my website, I get teh following on the checkout page: "Firefox has detected that the server is redirecting the request for this address in a way that will never complete."
I can assure you that the plugin has nothing to do with it as I have tried different shop plugins. Can someone help? The url is www.imayne.co.uk/shop/checkout
Few info:
I have SSL automatically installed by my provider
Hosted package was said to be Linux
Usually that's caused by a page (or pages) that simply redirect to each other:
first.php:
<?php
header("Location: second.php")
second.php
<?php
header("Location: first.php");
or a single page that redirects to itself. check your server logs to see exactly what the requested URL is, and then look for a wordpress rule that'd cause the redirect. Possibly you're trying to redirect from non-SSL to SSL-enabled pages, but are doing the redirect wrong, so you end up back at the same page, which then tries to redirect to SSL, fails, etc...
and indeed, after trying your link, you get redirected to https://www.imayne.co.uk/shop/checkout/, which then keeps on redirecting to itself. So, your shopping car system would appear to be broken.
Your site has been removed so I don't know if you were able to solve the issue.
One thing to keep in mind when using Shopp is, you need a dedicated SSL certificate. A "shared hosting" certificate won't work.