VirtueMart Forum

VirtueMart 2 + 3 => Security (https) / Performance / SEO, SEF, URLs => Topic started by: welrachid on November 23, 2017, 07:11:07 am

Title: Missing SSL url for external ressources
Post by: welrachid on November 23, 2017, 07:11:07 am
The VM dashboard loads in some ressources from an external which in my opinion doesnt make sense. Can you please fix this?? More than that, the ressources loaded are missing SSL which also seems wierd.

url: /administrator/index.php?option=com_virtuemart&view=virtuemart
VM: 3.2.4
J: 3.8.2

also cannot uploade screenshot..
The attachments upload directory is not writable. Your attachment or avatar cannot be saved.
Title: Re: Missing SSL url for external ressources
Post by: Milbo on November 23, 2017, 22:31:18 pm
The screenshot problem is fixed. which ressources do you mean in special?
Title: Re: Missing SSL url for external ressources
Post by: welrachid on November 28, 2017, 10:35:14 am
Hi Mibo
http://extensions.virtuemart.net//components/com_virtuemart/assets/images/vmgeneral/no-product-image.png
is loaded from a NON-SSL site, into our backend which is located on SSL

and this is done even though https://extensions.virtuemart.net/ does have SSL enabled.


btw the external ressources that are loaded in are "latest news" and the images from latest extensions etc. Can this be disabled somewhere?
Title: Re: Missing SSL url for external ressources
Post by: Milbo on December 05, 2017, 09:48:18 am
I fixed it now. The reason was that we still used simplepie as feed library, which throwed an SSL error. The same for Firefox btw, it is really interesting. Use the link directly with https on firefox and you will see that FF says the page is not secure, but chrome says it is secure. Chrome on the other hand just shows the sourcecode.

https://extensions.virtuemart.net/?format=feed&type=rss respectivly https://virtuemart.net/news/list-all-news?format=feed&type=rss

So curl reacts here like FF. The reason is, that the protocoll rss1.0 was not defined for SSL, so it stops. So I could not set the URL with SSL protocol. The new core uses now the standard feed library of joomla. So no more mixed content.