Force SSL Everywhere - php

I don't really know what is going on or anything, but I want to make my entire site done in Codeigniter, to be SSL encrypted, EVERYWHERE, but the problem is, I have the base_url in the config set to https://www.mysite.com/
But when I load it up, it shows that the page is unsecure (the red crossed out https on chrome)
I made sure all the images on the page, all the included css/js files, are all using the https as well, and I still get that error...

Related

Stop Site Redirect

I got a huge redirect problem, I set up a sub-domain
http://subdomain.myspace.com/
and copied a project over as well. Owned it, set chmod particular on 777 so me and the Designers can work on this one, this works fine. Problem is now, whenever I call the URL of this sub it redirects me to the
http://www.originalsite.de
original Site. Even when I take out the .htaccess AND replace the index.php, which is a hard way to go for it, it redirects me. For this is by far not the first time I do this, what makes me even more surprised. But what kind of redirect can this be?
No redirect via .htaccess nor via index.php. I know there's no code but the company I'm working at won't allow me to post the code.
I hope anyone can help.
There is not enough information on your setup to determine the cause of the redirect, but I have a guess. If you have ruled out all the possible scenarios of a redirect being in existence (i.e. .htaccess, PHP, etc.) then check your caching. Chrome and Firefox sometimes cache DNS and HTTP requests.
Try the following:
Open an "incognito" window in Chrome or "Private" in Firefox, and try loading your subdomain.
If it still redirects, then you still have a hard redirect somewhere hidden (perhaps in myspace settings).
If this works and does not redirect, then it's my guess above with caching (clear everything and you should be fine - plus disable prediction and navigation errors correction in your Chrome settings).
Hope this helps

Drupal 7: Localhost/user link defaults to website/user

I am really new to Drupal and playing around with this existing Drupal site.
I did a FTP transfer of all the files to my local computer directory. I currently got it on a Vagrant box and I can access the site via http://192.168.56.101/html.
I can do http://192.168.56.101/html/anything-but-user and it brings me to the proper area on the site. However I can't do localhost/html/user, because it redirects me to the website URL rather than the local URL.
I tried clearing the cache (with Drush). I scanned all files in the system and changed the web url to the local URL [not sure if I need to do any other command], and I can't seem to find anything in the .htaccess files that would lead me to this.
The href="/user I would greatly appreciate any advice or help in figuring out this solution.
--UPDATED
There was a module called "Secure Pages" that was causing the user and registration links to be locked and static to prevent redirects to phishing sites. I had to disable this module using "drush pm-disable securepages" in the terminal.
Some typical items you may want to check:
Check if you get the same problem using another browser. If with another browser it works, then it is pretty sure a cookie problem. To solve that, delete the cookie in the browser where you have the problem.
Make sure "clean urls" is enabled. Refer to "https://drupal.stackexchange.com/questions/165029/clean-url-leads-to-duplicate-url-after-migration-to-another-hosting/165044?s=1%7C3.9647#165044" for more details on that.
Make sure the value of "base_url" is set correctly (in your settings.php).
If module Secure Pages is enabled, then try to (at least temporarily) disable that module to see if it helps.
Apparently, there was a mod called "SecurePages" that was causing the URLs to be static to prevent someone from changing them and redirecting users to a phishing site.

How to maintain an HTTPS connection with PHP Includes

I currently have a website setup on a Secure server.
When I go to my website, the browser will show the HTTPS secure connection symbol at the start of the page load, but then the symbol will be crossed out (google chrome) or disappear (safari) once the page fully loads.
I understand that any files that are not linked to the particular page through an HTTPS path will cause the page to not be considered secure.
I have setup all of my CSS and JavaScript files as being accessed through https://www.example.com/file however I understand that all of my PHP includes must also be accessed through the HTTPS secure path.
When I set my php.ini file to "allow_url_include = on" it still does not permit me to include using a URL path. I additionally have the "allow_url_fopen = on" set as well, but I am still not able to URL include using https://www.example.com.
Can someone explain to me how I can make it work so that every PHP include is included via HTTPS, so that all of my pages will be shown as HTTPS in a user's browser? (this is an ecommerce website, so this factor is important for my users to see).
> I have setup all of my CSS and JavaScript files as being accessed through https://www.example.com/file
Good.
You also need to do that for all your images, and any other resources that get included.
> however I understand that all of my PHP includes must also be accessed through the HTTPS secure path.
In general, PHP includes should be done from the file system and not hit HTTP(S) at all (since that is inefficient).
The browser can't see what PHP does though, so it isn't the cause of your problem.

cookies causing "unsecure content" warnings on google chrome?

If I visit the home page on my site (which uses CodeIgniter), my homepage is using http.
CodeIgniter sets a cookie containing all the session info.
If I then click login, which is using https, I get unsecure content warnings, and the only thing I can think of it being is the cookies, as if I restart the browser then go straight to https://mysite.com/login then I get no unsecure content warnings.
How can I fix this (Note that the homepage cannot be https).
This error comes from content being served over http to a page that's supposed to be https. For example, an <img>, <link>, or <script>.
The thing with Codeigniter is that it's very likely you're using base_url() or site_url() for full absolute URLs to the embedded content, probably using http.
Here are some things you can do:
Use relative URLs, i.e. <img src="/path/to/images.jpg">
Don't specify a protocol. Example: //example.com/path/to/image.jpg More on this technique here: http://paulirish.com/2010/the-protocol-relative-url/
In the __construct() of the controller that you need to use https (or in the method that needs it), load a different config file that redefines your base url to use https. Note that it will be too late for any scripts/libraries that use the base url for html output before this config file is loaded.
If you load the page in IE, you should get a very nagging error message that will give you a list of all the content that was delivered insecurely to help you troubleshoot (other browsers should have this feature as well, but in IE it's especially prominent).
EDIT: Saw your note that there is nothing on the page being requested via http, only https, and the note about what happens when no cookies are present. My mistake, I just woke up - I should have read the question more thoroughly :p
You are loading unsecure content (usually images/iframes) on your secure (https) login page.
What this means is that you are referencing a link to a page that is not secure (is not https). This will cause the error, and prompt users whether or not to load such content. It's a problem with the links to external content, not your cookies.
Edit: To (temporarily) fix the issue, find any links/references to external content and disable it for the time being, then visit your page and the prompt/error should go away.
To fix the issue, you'll have to download the content or use a file on your site to securely download the content for that page to use.
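
The condition these threads keep running into, an https page that still references a subresource over plain http, can be checked mechanically. The scanner below is an added example, not code from any of the posts; `find_mixed_content` is a hypothetical helper name, and the page URL, host names and markup in `SAMPLE_PAGE` are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attributes that make the browser fetch a subresource. <a href> is
# navigation, not a fetch, so it is deliberately absent.
FETCH_ATTRS = {"img": ("src",), "script": ("src",), "iframe": ("src",),
               "video": ("src", "poster"), "object": ("data",), "link": ("href",)}
# Only these <link rel> values load something; rel="canonical" does not.
FETCHING_RELS = {"stylesheet", "icon", "preload", "manifest"}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.base = page_url   # relative URLs resolve against this
        self.findings = []     # (line, tag, resolved URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href"):
            # An http:// <base href> downgrades every relative URL after it.
            self.base = urljoin(self.base, attrs["href"])
            return
        if tag == "link":
            rels = set((attrs.get("rel") or "").lower().split())
            if not rels & FETCHING_RELS:
                return
        for name in FETCH_ATTRS.get(tag, ()):
            url = urljoin(self.base, (attrs.get(name) or "").strip())
            if attrs.get(name) and urlsplit(url).scheme == "http":
                self.findings.append((self.getpos()[0], tag, url))

def find_mixed_content(page_url, html):
    """Return subresources an https page would request over plain http."""
    if urlsplit(page_url).scheme != "https":
        return []              # mixed content only exists on https pages
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: markup of a page served from https://www.example.com/login
SAMPLE_PAGE = "\n".join([
    '<link rel="stylesheet" href="https://www.example.com/css/site.css">',
    '<link rel="canonical" href="http://www.example.com/login">',
    '<script src="//cdn.example.com/app.js"></script>',
    '<a href="http://www.example.com/">Home</a>',
    '<img src="/images/logo.png">',
    '<img src="http://www.example.com/images/banner.jpg">',
])
```

Static scanning of markup does not see requests made from CSS `url()` values or issued by scripts at run time, so the browser's own console stays the final check.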

Images not showing up with https

Suddenly, my images are not showing up on my site when accessing https pages. No change in my code. My host did have to recompile their ftp service with SSL support after my request (so I could ftpes my site). Can't think of anything else that would affect my SSL cert. Same thing happens on FF and IE and on different computers.
If I go to your website ( https://www.scfootball.org/ ), I don't see the images, as you said: I get a 403 (Forbidden) error for each one of those -- I can see this using the "Net" tab of the Firefox extension Firebug, for instance.
If I try to see an image directly, without going through the site (for instance: https://www.scfootball.org/widgets/GulloParkHeader.png ), then I can see the image.
If you try, make sure you copy-paste the URL to a new tab/window, and not just click on it.
Which means there is some kind of trouble between the website and the access to the images; not on the images themselves.
If I disable the referer in Firefox (the Web Developer toolbar extension allows that easily) and refresh your website's webpage, the images appear.
If I re-enable the referer, and refresh again, then the images don't appear anymore.
Which means there is something, related to the referer, that prevents the images from being sent, and returns a 403 error instead.
Just a wild guess: maybe there's a .htaccess in your widgets directory (or somewhere else) that prevents images from being served, if the referer doesn't correspond to a specific domain?
Considering the images are displayed on the site when I access it without HTTPS (i.e. with a URL such as http://www.scfootball.org/index2.php ), maybe there is a "protection" in place so your images are not displayed if the Referer is not that non-https website... And that "protection" has not been updated when you switched to HTTPS?
(I've seen that kind of "protection" used to prevent hot-linking of images, for instance)
This is an old post but, it could be hotlink protection too.
If you turn it on an allowed alias for a http:// domain you gotta do it for its https:// too, otherwise it'll deny your images from being called to client.
I used the Django API to test locally, everything is normal, after deploying SSL, the interface access is normal, but the picture shows 404.
Yeah, "not showing up" is a little vague. If the HTML is served by HTTPS and the images are still being served by HTTP, there's a little security leak inherent in the page, which your browser may deal with in one of several, largely ineffectual, ways.
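
The Referer probes described in the answers above (no Referer, the http:// page, the https:// page) can be written down as a repeatable check. This is an added example, not code from the thread: `make_hotlink_rule` is a simplified model of a hotlink rule rather than a real server, and the host `www.example.org`, the regexes and the function names are constructed.

```python
import re


def make_hotlink_rule(allowed_referer_regex):
    """Model of a Referer-based hotlink rule (not a real server): an empty
    Referer passes, an allowlisted Referer passes, anything else gets 403."""
    allowed = re.compile(allowed_referer_regex, re.IGNORECASE)

    def serve_image(referer):
        return 200 if not referer or allowed.match(referer) else 403
    return serve_image


# Constructed rules for a hypothetical site, www.example.org.
HTTP_ONLY_RULE = make_hotlink_rule(r"^http://(www\.)?example\.org/")       # never updated for HTTPS
BOTH_SCHEMES_RULE = make_hotlink_rule(r"^https?://(www\.)?example\.org/")  # corrected allowlist


def diagnose(serve_image, host="www.example.org"):
    """Repeat the probes from the answer: no Referer, the http:// page,
    the https:// page, plus a foreign site, and name the likely cause."""
    probes = {
        "none": serve_image(""),
        "http": serve_image(f"http://{host}/index2.php"),
        "https": serve_image(f"https://{host}/"),
        "foreign": serve_image("https://other.example.net/gallery"),
    }
    if probes["none"] != 200:
        verdict = "not referer-related: image fails even without a Referer"
    elif probes["https"] != 200 and probes["http"] == 200:
        verdict = "referer allowlist is missing the https:// origin"
    elif probes["https"] == 200 and probes["foreign"] == 200:
        verdict = "images load, but no hotlink protection is in effect"
    elif probes["https"] == 200:
        verdict = "ok: site pages of both schemes allowed, foreign sites blocked"
    else:
        verdict = "inconclusive"
    return probes, verdict
```

`diagnose` accepts any callable that maps a Referer string to a status code, so the same logic can be pointed at a function that requests one image from your own site with that header set.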
