But it still serves the basic http site when I don't type https in the address bar. Is this correct? Do I need to set up the redirect in the .htaccess file?
Zen Cart simply responds to the incoming request. While setting HTTP_SERVER to an https URL is important, it's only while drawing the page contents that that takes effect.
i.e., the "clicks" the user does after hitting the site will all be https.
So, yes, you'll need to do something in your server/hosting account to force https "on first hit" if it wasn't provided. Often that can be done via .htaccess.
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
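For reference, a minimal .htaccess sketch of the "force https on first hit" redirect discussed above. This is an added example, not part of the original posts and not Zen Cart's own code; www.example.com is a placeholder for the shop's canonical hostname, and the proxy header check assumes a TLS-terminating proxy or CDN that sets X-Forwarded-Proto.

```apache
# Added example, not Zen Cart's own code.
# www.example.com is a placeholder for the shop's canonical hostname.
<IfModule mod_rewrite.c>
    RewriteEngine On

    # The request reached Apache over plain HTTP...
    RewriteCond %{HTTPS} !=on
    # ...and was not already HTTPS at a TLS-terminating proxy/CDN in front.
    # Assumption: that proxy sets X-Forwarded-Proto. Remove this condition
    # if Apache terminates TLS itself, because a client can forge the
    # header and skip the redirect.
    RewriteCond %{HTTP:X-Forwarded-Proto} !=https
    # Permanent redirect to a fixed hostname rather than %{HTTP_HOST},
    # so a forged Host header cannot steer where the visitor is sent.
    RewriteRule ^ https://www.example.com%{REQUEST_URI} [R=301,L]
</IfModule>

# The redirect still leaves the very first request in cleartext.
# HSTS tells returning browsers to go straight to https. It is sent only
# on responses Apache itself served over TLS. Start with a short max-age
# while testing, since browsers cache the policy.
<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=31536000" "expr=%{HTTPS} == 'on'"
</IfModule>
```

Without the X-Forwarded-Proto condition, a site behind a TLS-terminating proxy sees every request as plain HTTP and the rule redirects in a loop.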
The redirect on the first hit will, in the future, be done from within ZC. You can copy the 3 new files listed here:
https://github.com/zencart/zencart/pull/1525/files
and there is then no need for .htaccess redirects.
best.
Thanks for the info and replies DrByte and carlwhat. I'll copy those files.