Hi,

I need nopCommerce to direct some pages to non-SSL, when I turn SSL on. Is there a way to do this? If so, is there a way without altering the source code?

For example, I always want the home page and products in non-SSL.

Just add the following attribute to required action methods or controllers:

[NopHttpsRequirement(SslRequirement.No)]

Hi,

Thanks, but can I do this without altering the source code?

Hi,

I got this to work in the .cshtml files:


    if (Request.IsSecureConnection)
    {
        Response.Redirect(Request.Url.ToString().Replace("https", "http"));
    }

Here is one where I used it:

\Views\Catalog\ProductTemplate.SingleVariant.cshtml

joe_a84 wrote:

Thanks for the code,
I was having trouble with sessions not being carried over from non-secure to secure (so when an anonymous user added an item to their cart, their cart would be empty).

I modified the code to
@{    if (Request.IsSecureConnection==false)
    {
        Response.Redirect(Request.Url.ToString().Replace("http", "https"));
    }
}
and placed in the variantsingrid file also.

a.m. wrote:

Where is that staff? I am not programmer :( I also want our customers enter in secure enviroment inly during checkout in 2.4

Also, when I am entering categories, something is strange. If category do not have products, it is in secure environment. When there is any product, even no pictures, just one word, it is out of secure environment. Product itself is in secure environment.  Microsoft Explorer did not show any broken links, so I do not know where is that staff that brakes SSL.

What I really want is customers get https only when they enter checkout. Not the store itself completely,

Hi - Yes have experienced the same issues. seems a little strange - version 2.x and the whole site stays in ssl regardless of the settings. this seems very strange that you can only have the whole site with ssl as default  and cannot get these to be selected as default.. some major code rework ahead I feel. With a quick code read it seems the correct controllers are labled to be linked with ssl... BUT ssl is always enabled..any help with this is greatly received. I see this as a fundamental flaw with NOP.

This can get a bit tricky since everyone has different preferences in how to handle this.  I would, however suggest that the homepage be coded to redirect to non secure.  That would at least minimize the issue and give people an out that is expected on the secure side.