Author Topic: HTTPS broken in account details /editaddresscheckoutBT  (Read 3266 times)

Abbring

  • Beginner
  • *
  • Posts: 8
HTTPS broken in account details /editaddresscheckoutBT
« on: February 06, 2013, 02:53:50 am »
Hello,

I have read a lot of information on SSL issues & the suggestions formed by the community to implement.

However, I have an issue that I cannot seem to solve myself and I could use some assistance.

Currently my website is in HTTP until you land on the checkout which is HTTPS.  When you leave the checkout, you are back to HTTP and then when you go back to the checkout it is HTTPS.  There is no issue here, however with the virtuemart 2 checkout process, after landing on the checkout page and clicking submit you are next brought to a screen where you add/edit account details at this URL: https://www.protecautocare.com/your-account-details/editaddresscheckoutBT which shows up as insecure.  Any travel around the site remains with the HTTPS as insecure.

To see why SSL the is broken I use a site & what I come back with is:

Total number of items: 98
Number of insecure items: 3
Insecure URL: http://www.protecautocare.com/components/com_virtuemart/assets/css/vmpanels.css
Found in: https://www.protecautocare.com/your-account-details/editaddresscheckoutBT

Insecure URL: http://www.protecautocare.com/components/com_virtuemart/assets/css/images/j_arrow.png
Found in: http://www.protecautocare.com/components/com_virtuemart/assets/css/vmpanels.css

Insecure URL: http://www.protecautocare.com/components/com_virtuemart/assets/css/images/j_arrow_down.png
Found in: http://www.protecautocare.com/components/com_virtuemart/assets/css/vmpanels.css


If I change in the main root of the domain the configuration file from:  public $live_site = 'http://www.protecautocare.com';   to public $live_site = 'https://www.protecautocare.com'   This fixes the security issue, however when I do this I lose my "add to cart" button functionality.  I then tried to fix the add to cart functionality. Next I tried tracing all javascript issues & I tried working around it for several hours without any luck.  So obviously, changing the domain in the configuration file is not the way I can fix it either.

Also, I have tried to disable all Joomla SEF and I do not use 3rd party.  This did not work either.

How can I make secure calls to those resources?

I am a newbie, so any file directories that I have to look in, I would appreciate the path.  I have this issue on a live site that has a few hundred hits a day.  So any help would be GREATLY appreciated!!

System info: Joomla 2.5.9   | VM2.0.18a

Thank you for any help in advance

Derek

jjk

  • Global Moderator
  • Sr. Member
  • *
  • Posts: 3737
  • using Matomo instead of Google Analytics
Re: HTTPS broken in account details /editaddresscheckoutBT
« Reply #1 on: February 06, 2013, 20:07:41 pm »
You do have two  javascript errors when the 'Add to cart button is clicked'
1st is:
ReferenceError: stLight is not defined
http://www.protecautocare.com/gasoline-fuel-system-cleaner-detox4
Line 343
2nd is in:
http://ajax.googleapis.com/ajax/libs/jquery/1.6.4/jquery.min.js

I don't know anything about the first one, but try to disable the Google jquery in Virtuemart configuration.
If you solved those two issues, check if the ssl problem still exists.
Configuration suggestions:
In Joomla Global Configuration
> Server: Force SSL = Off
>System: Cache = Off

In VM2 Configuration:
Enable SSL for sensitive areas (recommended) = Enabled

On my own website I also have links to ssl areas set to 'noindex, nofollow' for the search engines.

Non-English Shops: Are your language files up to date?
http://virtuemart.net/community/translations

Abbring

  • Beginner
  • *
  • Posts: 8
Re: HTTPS broken in account details /editaddresscheckoutBT
« Reply #2 on: February 08, 2013, 22:22:52 pm »
Thank you,

I was able to get the add to cart button to work properly, but I still have the insecure resource issue on my add/edit account details page in the checkout process.

Any ideas on how/where to change these files so I can have a 100% secure checkout?

Abbring

  • Beginner
  • *
  • Posts: 8
Re: HTTPS broken in account details /editaddresscheckoutBT
« Reply #3 on: February 11, 2013, 22:26:56 pm »
Solved > Toggled SEF plugin enabled & disabled it a few cycles | Cleared site cache > turned SEF back on | Removed images from css > cleared site cache again > test test test, everything checks out ok!