Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 21
  1. #11
    Join Date
    Feb 2008
    Posts
    41
    Plugin Contributions
    0

    Default Re: secure and nonsecure items base href?

    Where does the base href code come from? I would not likely have hard coded that.

    JJDoench

  2. #12
    Join Date
    Feb 2008
    Posts
    41
    Plugin Contributions
    0

    Default Re: secure and nonsecure items base href?

    I thought to have found the answer here:

    http://www.zen-cart.com/forum/showth...se+href&page=2

    However, when I remover the html_header.php file from my overrides folder, my Comodo logo disappears.

    So, back to square one?

  3. #13
    Join Date
    Jan 2004
    Posts
    66,446
    Plugin Contributions
    81

    Default Re: secure and nonsecure items base href?

    Who is your hosting company?

    There are several hosting companies whose non-conventional server configurations prevent proper operation and detection of traditional SSL use.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  4. #14
    Join Date
    Feb 2008
    Posts
    41
    Plugin Contributions
    0

    Default Re: secure and nonsecure items base href?

    It is a local guy - eblairsolutions.com.

    JJDoench

  5. #15
    Join Date
    Jan 2004
    Posts
    66,446
    Plugin Contributions
    81

    Default Re: secure and nonsecure items base href?

    Something's wrong with your hosting server configuration then.

    Perhaps it's not giving you *real* SSL, but is only simulating it: a sign of a hosting company who is either unskilled at proper configuration or who is cutting corners seriously to cut costs, and advertising a service they're not really providing.

    Or, perhaps they've done one or more other unconventional things.

    Regardless, the problem is with the server, and not with Zen Cart.

    Read here for some technical guidance: http://www.zen-cart.com/forum/showpo...02&postcount=6
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  6. #16
    Join Date
    Feb 2008
    Posts
    41
    Plugin Contributions
    0

    Default Re: secure and nonsecure items base href?

    I had my host look into it - this is what he says:

    "1. Your Zencart was not properly configured for SSL. The HTTPS setting was www.bestfriendsquilts.com. The SSL Cert is setup for bestfriendsquilts.com (w/o the www.). I fixed that.

    2. If you load in IE and tell it to only load secure content (you should be prompted when you load the page), it will not load files that are not coming through a secure channel. When I do this I lose your stylesheet and template graphics, which comes back to the base href. It is set at http://www.bestfriendsquilts.com. That means that anything that has a virtual address will come through http: rather than https:. That's why the graphics and SSL are not secure.

    It's not the server, it is something in Zencart. I updated the config but the change isn't happening. Either the template has hard coded things that are supposed to be dynamic or there is a cache involved that needs to be reset."
    What do you think? Is there a cache? How would I reset it?

  7. #17
    Join Date
    Jan 2004
    Posts
    66,446
    Plugin Contributions
    81

    Default Re: secure and nonsecure items base href?

    No, it has nothing to do with cache.

    The base href is determined based on the success of being able to detect whether the server is actually serving the page in SSL or not, using the traditional methods enumerated in the post I mentioned earlier: http://www.zen-cart.com/forum/showpo...02&postcount=6
    Your server is apparently not conforming to any of those traditional methods of serving SSL. That often is a result of using redirects to serve SSL instead of truly serving real SSL directly.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  8. #18
    Join Date
    Feb 2008
    Posts
    41
    Plugin Contributions
    0

    Default Re: secure and nonsecure items base href?

    Could this be the problem? I found this line in my html_header.php in my Custom template folder:

    Code:
    <base href="<?php echo (($request_type == '../Local%20Settings/Temp/fz3temp-1/SSL') ? HTTPS_SERVER . DIR_WS_HTTPS_CATALOG : HTTP_SERVER . DIR_WS_CATALOG ); ?>" />

  9. #19
    Join Date
    Jan 2004
    Posts
    66,446
    Plugin Contributions
    81

    Default Re: secure and nonsecure items base href?

    Um ... ya ... that would be bad. Who put that there?
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  10. #20
    Join Date
    Feb 2008
    Posts
    41
    Plugin Contributions
    0

    Default Re: secure and nonsecure items base href?

    No idea - it looks like the links that Dreamweaver manufactures sometimes when saving something locally. Usually I catch that stuff.

    What should that line say? Can I just change it back to match what is in the original file?

 

 
Page 2 of 3 FirstFirst 123 LastLast

Similar Threads

  1. v139h SSL Nonsecure Items Problems w/ Base href
    By coledorsey in forum Basic Configuration
    Replies: 5
    Last Post: 27 Feb 2012, 02:45 AM
  2. New SSL -- Getting Secure and Nonsecure items error in IE
    By cleverpork in forum Basic Configuration
    Replies: 31
    Last Post: 10 Jun 2011, 05:57 AM
  3. Secure and Nonsecure items
    By Rickmann08 in forum General Questions
    Replies: 58
    Last Post: 13 Sep 2009, 10:36 PM
  4. Page Contains Secure and Nonsecure Items...
    By HandcraftedUK in forum General Questions
    Replies: 7
    Last Post: 9 Nov 2008, 07:20 PM
  5. Secure and nonsecure items
    By dealbyethan.com in forum General Questions
    Replies: 3
    Last Post: 29 Aug 2007, 06:13 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg