COMMUNITY FORUM
k2 is breaking secure pages
- isos
Topic Author
- New Member
- Posts: 2
15 years 7 months ago #73662
by isos
k2 is breaking secure pages was created by isos
Running Joomla 1.5.14 and k2 2.1
I have a site using Virtuemart, and some of the shopping cart pages are secure. K2 is breaking the security because there are multiple calls for http:// rather than https://
Example 1:
<script type="text/javascript" src="http://www.mydomain.com/components/com_k2/js/k2.js">
Example 2:
var K2RatingURL = 'http://www.mydomain.com/';
Anyone have an idea on whether this is a k2 or a joomla bug, and how to fix it? I saw another blog post about something similar, but it seemed to be about admin pages, not secure front end pages.
- Lefteris
- Platinum Member
- Posts: 8743
15 years 7 months ago #73663
by Lefteris
Replied by Lefteris on topic k2 is breaking secure pages
Hi. K2 uses the Joomla! API for loading javascript and CSS files as I have explained on the other post. This is a Joomla! bug so we need to find another way for doing this. Thanks for reporting this issue to us.
- isos
Topic Author
- New Member
- Posts: 2
15 years 7 months ago #73664
by isos
Replied by isos on topic k2 is breaking secure pages
Thanks for responding. Any idea on when this might be fixed? I would like to avoid hacking the core Joomla files, but I have several Virtuemart users eager to start using k2 for blogging.
Lefteris Kavadas said: Hi. K2 uses the Joomla! API for loading javascript and CSS files as I have explained on the other post. This is a Joomla! bug so we need to find another way for doing this. Thanks for reporting this issue to us.
- Andrew Patton
- New Member
- Posts: 2
14 years 8 months ago #73665
by Andrew Patton
Replied by Andrew Patton on topic k2 is breaking secure pages
Lefteris Kavadas said: Hi. K2 uses the Joomla! API for loading javascript and CSS files as I have explained on the other post. This is a Joomla! bug so we need to find another way for doing this. Thanks for reporting this issue to us.
I responded in more detail on the other post Lefteris refers to (if you want more details and a better understanding, please visit that post), but long story short, I came up with a solution that can be used in your template to ensure that no components (K2 or otherwise) include non-secure dependencies on pages that you want to be secure. Here's the code:
// SSL fix to resolve issues with K2
if ( substr($this->base, 0, 5) == 'https' ) {
    $head = $this->getHeadData();
    // first, the stylesheets:
    foreach($head['styleSheets'] as $link => $props) {
        if (strpos($link, 'http:') !== false) {
            $fixedLink = str_replace('http:', 'https:', $link);
            $head['styleSheets'][$fixedLink] = $props;
            unset($head['styleSheets'][$link]);
        }
    }
    // then, the js:
    foreach($head['scripts'] as $link => $props) {
        if (strpos($link, 'http:') !== false) {
            $fixedLink = str_replace('http:', 'https:', $link);
            $head['scripts'][$fixedLink] = $props;
            unset($head['scripts'][$link]);
        }
    }
    $this->setHeadData($head);
}
Just put that snippet in your template (it shouldn't matter where you put it, but I find it helpful to put all php logic at the top of my templates, before the actual html markup; though regardless of where you put the code snippet, make sure it's in a <?php ?> block), and your secure pages will become secure once more.
- natecovington
- Senior Member
- Posts: 68
14 years 5 months ago #73666
by natecovington
Replied by natecovington on topic k2 is breaking secure pages
Yes, there is another thread with some code that you insert into your template's index.php file to fix the SSL/HTTPS issue you mention. (I've got K2 with SSL working on my site just fine with this hack)
Also, I've used "ReReplacer" to fix some other SSL / HTTPS issues... you could look into this as well.
- Mark Schultz
- Junior Member
- Posts: 28
14 years 3 weeks ago #73667
by Mark Schultz
Replied by Mark Schultz on topic k2 is breaking secure pages
I found this did not work but changing the first line from:
if ( substr($this->base, 0, 5) == 'https' ) {
to:
if ( substr(JURI::current(), 0, 5) == 'https' ) {
does work. (with J! 1.5.22 anyway)
Andrew Patton said:
Lefteris Kavadas said: Hi. K2 uses the Joomla! API for loading javascript and CSS files as I have explained on the other post. This is a Joomla! bug so we need to find another way for doing this. Thanks for reporting this issue to us.
I responded in more detail on the other post Lefteris refers to (if you want more details and a better understanding, please visit that post), but long story short, I came up with a solution that can be used in your template to ensure that no components (K2 or otherwise) include non-secure dependencies on pages that you want to be secure. Here's the code:
// SSL fix to resolve issues with K2
if ( substr($this->base, 0, 5) == 'https' ) {
    $head = $this->getHeadData();
    // first, the stylesheets:
    foreach($head['styleSheets'] as $link => $props) {
        if (strpos($link, 'http:') !== false) {
            $fixedLink = str_replace('http:', 'https:', $link);
            $head['styleSheets'][$fixedLink] = $props;
            unset($head['styleSheets'][$link]);
        }
    }
    // then, the js:
    foreach($head['scripts'] as $link => $props) {
        if (strpos($link, 'http:') !== false) {
            $fixedLink = str_replace('http:', 'https:', $link);
            $head['scripts'][$fixedLink] = $props;
            unset($head['scripts'][$link]);
        }
    }
    $this->setHeadData($head);
}
Just put that snippet in your template (it shouldn't matter where you put it, but I find it helpful to put all php logic at the top of my templates, before the actual html markup; though regardless of where you put the code snippet, make sure it's in a <?php ?> block), and your secure pages will become secure once more.
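A variant of the template snippet discussed in the posts above, written as an added example (it is not code from any poster, from K2 or from Joomla): it rewrites only URLs that begin with http://, leaves relative URLs and query strings untouched, and keeps the order in which the assets load. The function names, the sample head array and the example.com URLs are assumptions made for illustration; in a template the array would come from getHeadData() and the current URL from JURI::current().

```php
<?php
// Added example, not code from the thread. $head mimics the array returned by
// getHeadData(), limited to the two keys the posted snippet touches.

// Rewrite only a leading http:// scheme; any other URL is returned unchanged.
function upgrade_url($url)
{
    return strncasecmp($url, 'http://', 7) === 0 ? 'https://' . substr($url, 7) : $url;
}

// Return $head with asset URLs upgraded, keeping each section's original order.
function upgrade_head_assets(array $head, $currentUrl)
{
    if (strncasecmp($currentUrl, 'https://', 8) !== 0) {
        return $head;                         // plain-HTTP request: nothing to fix
    }
    foreach (array('styleSheets', 'scripts') as $section) {
        if (empty($head[$section])) {
            continue;
        }
        $rebuilt = array();
        foreach ($head[$section] as $link => $props) {
            $fixed = upgrade_url($link);
            if (!array_key_exists($fixed, $rebuilt)) {  // two keys collapsed: keep the first
                $rebuilt[$fixed] = $props;
            }
        }
        $head[$section] = $rebuilt;
    }
    return $head;
}

// Constructed sample input (hypothetical host and paths).
$head = array(
    'styleSheets' => array(
        'http://www.example.com/components/com_k2/css/k2.css' => array('mime' => 'text/css'),
    ),
    'scripts' => array(
        'http://www.example.com/media/system/js/mootools.js'     => 'text/javascript',
        '/templates/site/js/site.js?ref=http://www.example.com/' => 'text/javascript',
        'http://www.example.com/components/com_k2/js/k2.js'      => 'text/javascript',
    ),
);

$fixed = upgrade_head_assets($head, 'https://www.example.com/checkout');
print_r(array_keys($fixed['scripts']));
// In a Joomla template the same call would wrap getHeadData()/setHeadData().
```

The relative script URL in the sample keeps its query string and its position between the two rewritten entries, which matters when a later script depends on an earlier one.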
- James Anderson
- Junior Member
- Posts: 32
13 years 7 months ago #73668
by James Anderson
Replied by James Anderson on topic k2 is breaking secure pages
Hey mate, this looks promising! I tried your code but every time I try to use it, it still returns fixed http:// urls for K2 cache files and other JS files + CSS?
Any ideas? site is www.nzgeographic.co.nz
- Andrew Patton
- New Member
- Posts: 2
13 years 7 months ago #73669
by Andrew Patton
Replied by Andrew Patton on topic k2 is breaking secure pages
I’m not sure how to deal with cached content in general (like in modules). That would require a different kind of fix than the one I suggest.
However, based on looking at your checkout page, I can see some things you could do.
First, in the right-side modules, you could make the image sources begin with a forward slash (e.g., /images/stories/ad_agency/2/1310420706.jpg instead of www.nzgeographic.co.nz/images/stories/ad_agency/2/1310420706.jpg)
You will also need to make sure com_adagency’s JS include and the swfobject.js include from googleapis both get https.
The K2 includes (CSS and JS), as far as I could see, were fine. No problems with missing https.
- James Anderson
- Junior Member
- Posts: 32
13 years 7 months ago #73670
by James Anderson
Replied by James Anderson on topic k2 is breaking secure pages
Hi, yeah I have contacted iJoomla about Ad Agency fixes, was trying to get the K2 stuff fixed. And I am still trying to find what is calling the googleapi..
Andrew Patton said:
I’m not sure how to deal with cached content in general (like in modules). That would require a different kind of fix than the one I suggest.
However, based on looking at your checkout page, I can see some things you could do.
First, in the right-side modules, you could make the image sources begin with a forward slash (e.g., /images/stories/ad_agency/2/1310420706.jpg instead of www.nzgeographic.co.nz/images/stories/ad_agency/2/1310420706...)
You will also need to make sure com_adagency’s JS include and the swfobject.js include from googleapis both get https.
The K2 includes (CSS and JS), as far as I could see, were fine. No problems with missing https.