Mixed Content SSL

a.m. wrote:

I'm having this same issue on Nop Commerce 3.90. I've clicked on the patch link but it's no longer available. Could someone provide the new link? Thanks!

mcvalles wrote:
There's no such issue in 3.90. I presume you've entered an absolute image path in one of your topics. You should use relative paths (e.g. /image_path/filename.jpg). What is your site URL?

Hi Andrei, Thanks for responding to my question. I'm using relative paths in my solution like so:

var sampleImagesPath = CommonHelper.MapPath("~/content/myfolder/");

product.ProductPictures.Add(new ProductPicture
{
   Picture = _pictureService.InsertPicture(System.IO.File.ReadAllBytes(sampleImagesPath + "icon.jpg"), 
                                           MimeTypes.ImageJpeg, _pictureService.GetPictureSeName(product.Name)),
   DisplayOrder = 1,
});

On my local environment, I'm testing on localhost http://localhost:15536. Locally since everything is http, images are rendered withought any warnings. However when I push my changes to my testing environment on a remote server with a url similar to this: https://test.dev.mystore.com/ All images though rendered correctly generate a Mixed Content SSL warning on the console. It looks as if images always render as http, regardless of the current https url. I ended up temporarily having to change _webHelper.GetStoreLocation(); on the PictureService to _webHelper.GetStoreLocation(true); Prior to this I also tried on Configuration->Stores settings, selecting the SSL enabled option but this just crashed the whole page. I tried several combinations:

- SSL enabled and Secure URL blank (crashed)
- SSL enabled and Secure URL with a value (crashed)
- SSL disabled and Store URL containing a https secure URL (had no effect and warnings were still occurring)

Could this be related to the cache logic some other posts on the feed were referring to?

Thanks in advance!
Kind regards,
Clara

I was having same problem at http://antargyan.com
i have changed store url to https://www.antargyan.com to solve this issue
so far so good

Awesome! Since the issue doesn't exist in version 3.90... would someone be kind enough to explain this to me? Because I am getting conflicting information.

From Firefox Console:
Loading mixed (insecure) display content “http://store...com/content/images/thumbs/0000025.png” on a secure page[Learn More] store...com
Loading mixed (insecure) display content “http://store...com/content/images/thumbs/0000034.png” on a secure page[Learn More] store...com
Loading mixed (insecure) display content “http://store...com/content/images/thumbs/0000021.png” on a secure page[Learn More] store...com
Loading mixed (insecure) display content “http://store...com/content/images/thumbs/0000025.png” on a secure page[Learn More]
store.sm.com
Loading mixed (insecure) display content “http://store...com/content/images/thumbs/0000034.png” on a secure page[Learn More]
store...com
Loading mixed (insecure) display content “http://store...com/content/images/thumbs/0000021.png” on a secure page[Learn More]
store...com
Loading mixed (insecure) display content “http://store...com/favicon.ico” on a secure page[Learn More] FaviconLoader.jsm:102:6

It's a live site... And, I'd really like to understand this, because I want my store to be secure without silly little errors... like... A lock with a warning sign on it, because all of the bloody images are being served as http:// when the address clearly shows in the browser as https://...
Is there a setting that I can change to fix this? do I need to edit the Out Of Box code?

I can drop in the site address if need be.

Michieal wrote:

Hello,

Did you restart your application? Image URLs are cached, so maybe it will work? If not, how did you configure your SSL in nopCommerce? Did you select the "SSL Enabled" checkbox in admin panel -> Configuration -> Stores? Are you sure that you installed SSL correctly in your IIS?

Best,
Patryk

Whenever I turn on the SSL Enabled, it causes the site to crash. It goes into an infinite redirect loop. I then have to manually go into the database, and find the setting to turn it back off, so I can get the site to come up.
My site handles the ssl itself (as in my hosting package automatically redirects to the HTTPS version of the site). And, I can't turn that off because it's linked to the other websites that I run.

I know that the SSL is installed correctly, because GoDaddy installed it. It's been doing this for the past year. (And, I have pretty much wasted the past year's worth of hosting trying to get this to work.)

I love how the support for this product works... Hail the ones that work automagickally, ignore or ask the customer to pay if it doesn't "just work". The forums will handle it... right?

Because people wasting time and money on a product that works ONLY in a limited scope, that gets you a really good reputation.

Fuck it, I'm going to use something that works rather than wasting my fucking time on this piece of shit "software".

Thanks anyway.

Turn on ssl, set your site url to https if you need to in the store setting location.

Wipe the cache (clear cache) from the admin menu of nopcommerce.

Go into your image directory where the thumbs are (i.e. content/something something/thumbs/)

- delete everything in there.

If you have minified css and js enabled, delete those min files too.

Restart the application. Have a beer. Cover your eyes and slowly reveal your landing page one finger at a time. If you're smiling by the end of it, i accept gift cards and socks. If you're upset, blame the devs.

Lastly with infinite redirect loop, if your host is handling the redirection. Remove any web server (nginx, apache, iis) configuration you have that uses a 301 redirect from port 80 to https, then try the finger trick again.