View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0006174 | OXID eShop (all versions) | 1.01. Products (product, categories, manufacturer, promotions etc.) | public | 2015-06-18 09:05 | 2015-06-19 13:18 |
| Reporter | bjoerk | Assigned To | |||
| Priority | normal | Severity | major | Reproducibility | always |
| Status | closed | Resolution | duplicate | ||
| Product Version | 4.8.3 / 5.1.3 | ||||
| Fixed in Version | 4.8.7 / 5.1.7 | ||||
| Summary | 0006174: Variant selection fails using HSTS configuration | ||||
| Description | Using the HSTS configuration to satisfy A+ SSL tests, results in a non working variant selection. HSTS tells browsers to keep using HTTPS and forces an internal browser-redirect to the SSL version auf the page even if the url points to a Non-SSL version The getter for the variant widget url is not detecting this internal browser redirect and points to the Non-SSL page which causes the problem | ||||
| Steps To Reproduce | 1. activate HSTS configuration for the shop # HSTS (mod_headers is required) (15768000 seconds = 6 months) <IfModule mod_headers.c> Header always add Strict-Transport-Security "max-age=15768000; includeSubdomains; preload" Header always set X-Frame-Options SAMEORIGIN </IfModule> 2. visit a SSL page like account or checkout 3. go to a product page of a variant 4. try to select a variant -> nothing will happen | ||||
| Tags | No tags attached. | ||||
| Theme | Azure | ||||
| Browser | Not defined | ||||
| PHP Version | Not defined | ||||
| Database Version | Not defined | ||||
