View Issue Details

IDProjectCategoryView StatusLast Update
0001271OXID eShop (all versions)1. ----- eShop frontend -----public2012-12-10 14:17
Reporterandreas_ziethen Assigned To 
PriorityhighSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
Summary0001271: images and css-files are not taken via SSL and from wrong domain
DescriptionSet up the following:
1 main shop - not online, with own domain, no ssl, only used for administration
1 (or more) subshop(s) - online, with own domain, configured with ssl-addresses

Now go into the order process and look at the html source code: all the images and the css-file, too, are taken from the non-ssl address of the main shop, which is fatal cause this causes security warnings in all IE versions.

You can sort of fix this if you put an sll-address into config.inc.php for the main shop - BUT: This is NOT a real solution because images and css-files should be taken using the REAL subshop domain, not the main-shop one.
For example: there are scenarios out there where it is very important that no connection between shop 2 and shop 3 can be seen. So having them both using same URLs for images and css files is a No-Go!
TagsSubshops
Theme
BrowserAll
PHP Version5.2.6
Database Version5.0.33

Relationships

duplicate of 0000837 resolvedalfonsas_cirtautas Native shop images for subshops: method oxconfig::getPictureUrl() does not pass parameter $blNativeImg 
related to 0001352 resolvedvilma_liorensaityte Oxconfig::getCoreUtilsUrl() returns wrong URL-Domain in mall-shops 

Activities

andreas_ziethen

2009-09-01 12:53

reporter   ~0001592

Might be connected to 0000761. I think there's still a bug in oxconfig::isSsl():
$this->getConfigParam( 'sSSLShopURL') should NOT be taken to check if SSL is configured cause the main shop - and so the config.inc.php - might not have SSL configured, but the subhops have!

dainius.bigelis

2009-09-01 15:15

reporter   ~0001599

Duplicate of 0000837

andreas_ziethen

2009-09-01 15:51

reporter   ~0001603

Sorry, but I cannot see why this should be a duplicate of 0000837.
Have a look at oxconfig::isSsl(). There you can find this one:

---------------------------------------------------------
 $this->_blIsSsl = ( isset( $aHttpsServerVar ) && $this->getConfigParam( 'sSSLShopURL' ) &&
                         ( $aHttpsServerVar == 'on' || $aHttpsServerVar == '1' ) ); // 1&1 provides "1"
-----------------------------------------------------------

$this->getConfigParam('sSSLShopURL') takes the value set in in config.inc.php - and not the subshop config. And THIS - I think - is the main problem.

dainius.bigelis

2009-09-04 09:03

reporter   ~0001643

@Developers: please check this case as described in Andreas' comment. Also pay attention to the parameter sMallSSLShopURL.

rimvydas_paskevicius

2009-09-07 15:35

reporter   ~0001673

Updated method oxconfig::isSsl() - now it checks not only main shop ssl url but if is defined subshop ssl url.