Where does the base href code come from? I would not likely have hard coded that.
JJDoench
Where does the base href code come from? I would not likely have hard coded that.
JJDoench
I thought to have found the answer here:
http://www.zen-cart.com/forum/showth...se+href&page=2
However, when I remover the html_header.php file from my overrides folder, my Comodo logo disappears.
So, back to square one?
Who is your hosting company?
There are several hosting companies whose non-conventional server configurations prevent proper operation and detection of traditional SSL use.
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
It is a local guy - eblairsolutions.com.
JJDoench
Something's wrong with your hosting server configuration then.
Perhaps it's not giving you *real* SSL, but is only simulating it: a sign of a hosting company who is either unskilled at proper configuration or who is cutting corners seriously to cut costs, and advertising a service they're not really providing.
Or, perhaps they've done one or more other unconventional things.
Regardless, the problem is with the server, and not with Zen Cart.
Read here for some technical guidance: http://www.zen-cart.com/forum/showpo...02&postcount=6
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
I had my host look into it - this is what he says:
What do you think? Is there a cache? How would I reset it?"1. Your Zencart was not properly configured for SSL. The HTTPS setting was www.bestfriendsquilts.com. The SSL Cert is setup for bestfriendsquilts.com (w/o the www.). I fixed that.
2. If you load in IE and tell it to only load secure content (you should be prompted when you load the page), it will not load files that are not coming through a secure channel. When I do this I lose your stylesheet and template graphics, which comes back to the base href. It is set at http://www.bestfriendsquilts.com. That means that anything that has a virtual address will come through http: rather than https:. That's why the graphics and SSL are not secure.
It's not the server, it is something in Zencart. I updated the config but the change isn't happening. Either the template has hard coded things that are supposed to be dynamic or there is a cache involved that needs to be reset."
No, it has nothing to do with cache.
The base href is determined based on the success of being able to detect whether the server is actually serving the page in SSL or not, using the traditional methods enumerated in the post I mentioned earlier: http://www.zen-cart.com/forum/showpo...02&postcount=6
Your server is apparently not conforming to any of those traditional methods of serving SSL. That often is a result of using redirects to serve SSL instead of truly serving real SSL directly.
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
Could this be the problem? I found this line in my html_header.php in my Custom template folder:
Code:<base href="<?php echo (($request_type == '../Local%20Settings/Temp/fz3temp-1/SSL') ? HTTPS_SERVER . DIR_WS_HTTPS_CATALOG : HTTP_SERVER . DIR_WS_CATALOG ); ?>" />
Um ... ya ... that would be bad. Who put that there?
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
No idea - it looks like the links that Dreamweaver manufactures sometimes when saving something locally. Usually I catch that stuff.
What should that line say? Can I just change it back to match what is in the original file?