[SOLVED] How to stop https PayPal pluginresponse view redirecting to http

[Typhoon365]

Hi,


how can I configure which views are defined as sensitive areas that enforce SSL ?   SSL is enforced for the cart, but I need SSL enforced on the PayPal plugin response also.     


PayPal returns customer to

Code Select Expand

https://www.xxxxx.com/index.php?option=com_virtuemart&view=vmplg&task=pluginresponsereceived&on=ABC12345&pm=7&Itemid=489&lang= but then the page seems to redirect immediately to "http" only. Can see this from watching the browser and also in logs.


How can I configure the PayPal plugin response page to remain "https"  ?  I'm looking at integrating Google Trusted Stores but they need the order confirmation page to be secure as it contains some minimal customer and order information.


Searching the forums, it talks about defining menu items as secure or not for pages.   But in this case ,there is no menu item associated with the plugin response view.


Any help or how to do this or which file manages the http/https redirection is appreciated ?

Settings :

   
• Joomla Force SSL : None
• Virtuemart Enable SSL for sensitive areas (recommended) : On

Software versions :

   
• [size=78%]Joomla : 3.4.4[/size]
• [size=78%]Virtuemart : 3.0.10[/size]
• [size=78%]Virtuemart template : VP Merchant 1.4[/size]

[jjk]

I assume the customer is redirected to the cart view. I think there are several options to achieve that the PayPal redirect stays in https:
1. As you mentioned already, create a menu item with the menu item type 'Shopping Cart'. Personally I would recommend to add a 'customer menu' which holds menu items like 'View Cart', 'Your Order History', Your Customer Account'. Probably this also works if you create a 'hidden' Joomla menu (publish it in a module position, which your template doesn't have).
2. Never tried it myself, but perhaps it works if you create a hidden menu item as an 'external link' which holds the PayPal redirect url.

[Typhoon365]

It's not the cart view..  They are displayed to the screen that gives them the order number, order amount, paypal confirmation completion.  Not the shopping cart. URL has "view=vmplg". 

I could try the 'external link" menu item as you suggested, would be surprise if that works for it but can give it a shot.    Assume this must be a php file that handles the http->https and https->http redirection based on what pages are defined as "sensitive areas", if someone can point me to this file, might be easy enough to add this view or match on the url string into it.

[GJC Web Design]

https is just a switch in the std Joomla JRoute function

In VM if ssl is selected then the 3rd param is set to true

Translates an internal Joomla URL to a humanly readable URL.

(string $url, boolean $xhtml = true, integer $ssl = null)

e.g.

JRoute::_ ('index.php?option=com_virtuemart&view=user&task=' . $task . '&new=1&addrtype=ST&virtuemart_user_id[]=' . $userModel->getId (), $useXHTTML, $useSSL)

I don't understand why when you hardcode the return url to https it doesn't work?

[GJC Web Design]

perhaps this might do it?  https://www.yireo.com/software/joomla-extensions/ssl-redirect/features

[Typhoon365]

Finally tracked it down..   Wasn't where I expected the cause to be.   Looks like the http/https redirection was being done by a 3rd party plug-in, if I disable the plug-in, the redirections between http/https stops and can access pages either by http or https.   Believe the purpose was to force all the shopping cart pages to be https and then switch back to http for the rest of the site.   Unfortunately, this meant other pages couldn't be accessed by https even if requested.

Will take it up with the 3rd party plug-in vendor.

btw, I did try the SSL Redirection plug-in, but just got in an endless redirection loop between the two of them.

Thanks all for your assistance, much appreciated. Will close it in this forum.

[GJC Web Design]

3rd party plug-in

which one?

[Typhoon365]

It was a one page checkout plug-in.

[jenkinhill]

Please let us know the vendor's response, as we may see others with this issue here and the more information we have the easier it is to help.

[Typhoon365]

Solved, it's just a configuration option in the VP One Page Checkout configuration "Force Disable SSL on Non-Cart Pages" that can easily be enabled or disabled. 

All good for me now.

"If you enable SSL in VirtueMart Configuration and also enable "Force Disable SSL on Non-Cart Pages" option in the plugin settings then only the SSL/Non-SSL redirection system of VP One Page Checkout plugin comes into picture. If you do not want VP One Page Checkout plugin to control "Non-SSL" redirection then you can disable the option in plugin settings."

Thanks VirtuePlanet for their quick response and resolution to my issue.  And thanks also to others that replied to this post to try to help, thanks.