uc_ssl doesnt use configured domains for the url switching - FIXED [#973900]

When I enter into a secured page the only part of the url that gets changed is the protocol that gets changed from http to https.
The cert gets an error because it has the wrong domain and its hooked to the https domain.
I can run a test of 2 web pages that happen to be in the same https subdomain and a link back and forth.
On the uc_ssl config page: The secured domain is: https://secure.regu.com:444 The non-secure domain name is: http://www.zzzdev.com:81 When we hit the cart page we wind up with https://www.zzzdev.com (the non-secure domain name) The page seems to flicker real fast like something is changing the url after it gets changed. We are running the clean urls, path auto and path redirect.

Comment	File	Size	Author
#7	973900-uc_ssl_allow_switch_to_subdomain.patch	2.25 KB	zyxware

Comments

Comment #1

crystaldawn commented 16 November 2010 at 23:39

When uc_ssl detects a secured area (such as /cart/checkout ) it does a drupal_goto to the secured domain name (+ the args that were in the url) that is set in the settings. If this is not happening, then something else is causing it to be redirected after the fact to a different location. This would probably cause the flicker you are seeing (being redirected twice). It seems to me that drupal is probably catching a 404 and redirecting you back to the index page? Check the logs to see if there were any 301 or 404 errors.

Comment #2

crystaldawn commented 16 November 2010 at 23:49

Also, to avoid confusion in both development and configuration setups, its common practice to use the same domain for ssl and non-ssl. Such as https://something.com, http://something.com instead of https://secure.somethingelse.com, http://something.com. This helps with drupal sessions since the same cookie can potentially be used for both. If you use a different domain all together then you'll run into access forbidden or page not found errors as one site would be logged in while the other is not. Maybe this is what is happening for you. When you get redirected, you may be trying to access a site that drupal has not yet logged you into and the session is giving you some sort of access restricted error. Using different domain names is more on the advanced side and not really supported since there are so many variables involved. While it IS possible to do, its something that should only be attempted by a competent system/network administrator. If at all possible, use the same domain name for ssl and non-ssl. Not only is it easier to configure and administrate, your users will have a cleaner experience and not ask "why am I on xyz site, I'm suppose to be on abc site."

Comment #3

toby53 commented 18 November 2010 at 19:15

Hi,
thanks for your help !
Now, we have the same domian for both the website and the ssl cert.
I can run the whole site in https and everything works fine. I do have to add items to my cart in the https.
It does not seem to remember the items in my cart in regular http.

When I activate uc_ssl, The whole url is not changing rather just https to http and I get the ssl connection error because the url is https://mysite:mynonsslport.
I don't think I see any unusual messages in the ssl logs.
Do I need to modify the drupal .htaccess file or something ?
thanks

Comment #4

toby53 commented 20 November 2010 at 22:19

Hi,
I am now officially a proud user of uc_ssl !

Heres how I fixed it:
1) The mod_rewrite style in the virtual hosts file is different between old zzz.com and the new Drupal zzz.com.
The mod_rewrite for https ssl needs to spell out the page because it cannot locate the autopath pages by the alias  https://www.zzz.com/cart/checkout needs to be mod_rewritten as https://www.zzz.com/cart/index.php?q=cart/checkout

2) The uc_ssl Drupal module comes up enabled with the whole site set to https.
This is fine as your mod_rewrite is set up correctly but unforunately otherwise nobody can find any pages and your really stuck !

3) How I fixed uc_ssl for us
I turned the uc_ssl module off via mysql.
Went into the uc_ssl config page and disabled global https.
I turned the uc_ssl module back on and updated the ssl_conf page.

4) Fixed the Ajax progress bar running forever and the card / po buttons presenting the input boxes
The mod_rewrite had to be correct for Drupal for this to work.
A lot of people have this issue and its very difficult to disable the progress bar and ajax due to the ubercart secure page design.
(and really you should not be going in there anyway changing code in core modules !)
There was also a typo in the ajax exclude path spelled 'exlucde' '*ajax* !

Comment #5

Ovation1357 commented 22 January 2011 at 01:02

I've hit this issue because my secure domain is a subdomain - e.g. HTTP http://www.example and HTTPS is https://secure.example.com.

I discovered in the uc_ssl module that it does not actually use the "Secure Domain Name:" and "NON-Secure Domain Name:" fields except, it seems, when it's testing SSL connectivity as you save the configuration (see also my update to ubercart ssl critical error came back as non-secure).

In the switching code it simply chooses a target of SSL or not using "http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']" and "https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']" - So no only will it fail to switch if your SSL server is at different address, but it also assumes that the HTTPS and HTTP servers is listening on the default port numbers.

It makes me wonder if there's really any point having the two address configuration fields in the config screen.

I've currently hard-coded mine to go to the correct domains and it works, but in the long term I think if the module is going to support SSL and HTTP being on different domains then it needs to call in the user-config values and use them instead of $_SERVER['HTTP_HOST']

Comment #6

crystaldawn commented 23 January 2011 at 17:57

I think #5 has a good point. I just realized that it indeed does not use the user supplied values and thus the ports would be ignored (the :444 part of a url for example). I will need to re-work those so that they use the values in the variables table rather than getting them from the users web browser.

Comment #7

zyxware commented 20 February 2011 at 17:22

Status:

Active

» Needs review

Status	File	Size
new	973900-uc_ssl_allow_switch_to_subdomain.patch	2.25 KB

Here is a patch that will allow you to switch to the specified SSL domain as requested in #5

Comment #8

crystaldawn commented 20 February 2011 at 18:07

Title:

uc_ssl doesnt use configured domains for the url switching - FIXED

» URL does not get totally changed

This patch does not work vs 6.x-1.22 so I've patched it manually. This patch is now available in 6.x-1.23 This should fix #5 as well as the original poster's problem of ports as well. But I noticed that there is a drupal bug that does NOT log you in if you use this type of setup. I guess it would be that the cookie considers :PORT part of the domain and thus something.com is NOT the same cookie domain as something.com:4444 for example. The result is that if you click "checkout" button, it simply re-directs back to the cart contents list because in order to see cart checkout you have to be logged in and since it thinks you are NOT logged in, it rejects the connection and sends you back to where you came from. I havent the time to look into this, but im sure someone could figure it out in a few minutes. I would consider this a different issue than the original poster as that is now fixed (I confirmed that it works), but this opens up a new bug that is its own issue.

I started a new issue for this here:
http://drupal.org/node/1067466

Comment #9

crystaldawn commented 20 February 2011 at 17:43

Title:	URL does not get totally changed	» uc_ssl doesnt use configured domains for the url switching - FIXED
Status:	Needs review	» Fixed

Changed title to be more descriptive of the issue.

Comment #10

crystaldawn commented 20 February 2011 at 18:19

Title:

URL does not get totally changed

» uc_ssl doesnt use configured domains for the url switching - FIXED

Comment #11

6 March 2011 at 18:21

Status:

Fixed

» Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

Comment #12

avadheshnatani commented 30 May 2012 at 07:13

Version:	6.x-1.21	» 6.x-1.22
Priority:	Major	» Critical

Hello
I want when user add item into cart , the cart page should have in https, and when if user wants go to the home page, the url should in http again.

I installed uc_ssl at my website grubking.com. This Website have also installed ubercart. and also secure page module, but when i enable the status of Ubercart SSL Status , then it display errors:

Ubercart SSL (uc_ssl): The uc_ssl_check() function is returning FALSE because it was unable to contact the SSL (https) version of your website that you defined in the settings. This can be caused by 3 things. 1. Your website is not setup properly for SSL, 2. The OpenSSL extension is not enabled on in your PHP installation, 3. allow_url_fopen is not enabled in php.ini. If #2 fails, uc_ssl will try to use file_get_contents() which requires allow_url_fopen to be set to TRUE in php.ini. Hopefully these hints will help you fix this issue so that you can use uc_ssl.
CRITICAL ERROR! The domain you entered for the secured domain came back as non-secure or it does not point back to this installation of drupal. Your secure domain name MUST be setup and MUST be pointing at this install of drupal.

Its a critical problem, how i solved it, please anybody have any solution ???????