View Issue Details

Jump to Notes
IDProjectCategoryView StatusDate SubmittedLast Update
0006174OXID eShop (all versions)1.01. Products (product, categories, manufacturer, promotions etc.)public2015-06-18 09:052015-06-19 13:18
Reporterbjoerk Assigned To 
PrioritynormalSeveritymajorReproducibilityalways
Status closedResolutionduplicate 
Product Version4.8.3 / 5.1.3 
Fixed in Version4.8.7 / 5.1.7 
Summary0006174: Variant selection fails using HSTS configuration
DescriptionUsing the HSTS configuration to satisfy A+ SSL tests, results in a non working variant selection.
HSTS tells browsers to keep using HTTPS and forces an internal browser-redirect to the SSL version auf the page even if the url points to a Non-SSL version

The getter for the variant widget url is not detecting this internal browser redirect and points to the Non-SSL page which causes the problem

Steps To Reproduce1. activate HSTS configuration for the shop
# HSTS (mod_headers is required) (15768000 seconds = 6 months)
<IfModule mod_headers.c>
    Header always add Strict-Transport-Security "max-age=15768000; includeSubdomains; preload"
    Header always set X-Frame-Options SAMEORIGIN
</IfModule>

2. visit a SSL page like account or checkout

3. go to a product page of a variant

4. try to select a variant -> nothing will happen
TagsNo tags attached.
ThemeAzure
BrowserNot defined
PHP VersionNot defined
Database VersionNot defined

Relationships

duplicate of 0005702 resolvedsvetlana Variant Selection does not work over https 

Activities

QA

2015-06-18 17:36

administrator   ~0011049

Reminder sent to: bjoerk

Hi,

I wasn't able to reproduce the issue with the given "Steps To Reproduce".

Could you please make them more specific ?

bjoerk

2015-06-19 10:04

reporter   ~0011050

Sorry wrong version! Version is 4.8.3

Bug is related with 0005702 an solved in version 4.8.7