Magento – Captcha Called on HTTP Only

captchacheckouthttpssecuressl

I have a Magento site that has recently begun to stop showing the captcha forms. Also, some browsers (Safari) are refusing to show that my checkout page is secure because, even though the rest of the page's content is through SSL, the captcha is still being called from http and not https.

The error I get is:

[Warning] The page at [my site url] ran insecure content from http://www.google.com/recaptcha/api/js/recaptcha_ajax.js. (onepage, line 51, x2)

The offending code output appears as:

<script type="text/javascript">
    if((DRjQuery.browser.msie && parseInt(DRjQuery.browser.version, 10) != 7) || !DRjQuery.browser.msie) {
                document.write("<script type='text/javascript' src='http://www.google.com/recaptcha/api/js/recaptcha_ajax.js'><\/script>");
    }
</script>

How do I get Magento to use https for captcha?

Where can I find the code (above) where Magento outputs the http so that I can change it to https?

Best Answer

You have included the http:// protocol for the link, which is therefore making an unsecured request. Since google offer support for both the http:// and https:// protocols via the same URL, you can simply use the relative protocol // to make the browser use the current pages protocol.

<script type="text/javascript">
    if((DRjQuery.browser.msie && parseInt(DRjQuery.browser.version, 10) != 7) || !DRjQuery.browser.msie) {
            document.write("<script type='text/javascript' src='//www.google.com/recaptcha/api/js/recaptcha_ajax.js'><\/script>");
    }
</script>

Related Solutions

Magento – How to make https URL to http

There is a function just for that, called shouldUrlBeSecure located in app/code/core/Mage/Core/Model/Config.php on line 1477.

Here is the complete function:

/**
 * Check whether given path should be secure according to configuration security requirements for URL
 * "Secure" should not be confused with https protocol, it is about web/secure/*_url settings usage only
 *
 * @param string $url
 * @return bool
 */
public function shouldUrlBeSecure($url)
{
    if (!Mage::getStoreConfigFlag(Mage_Core_Model_Store::XML_PATH_SECURE_IN_FRONTEND)) {
        return false;
    }

    if (!isset($this->_secureUrlCache[$url])) {
        $this->_secureUrlCache[$url] = false;
        $secureUrls = $this->getNode('frontend/secure_url');
        foreach ($secureUrls->children() as $match) {
            if (strpos($url, (string)$match) === 0) {
                $this->_secureUrlCache[$url] = true;
                break;
            }
        }
    }

    return $this->_secureUrlCache[$url];
}

To see which URLs should be secure you can add a simple Mage::log($secureUrls) inside the if statement. This is what my log entry looked like:

2014-02-12T11:55:26+00:00 DEBUG (7): Mage_Core_Model_Config_Element Object
(
    [install] => /install/wizard/checkSecureHost
    [customer] => /customer/
    [sales] => /sales/
    [authorizenet_paygate] => /paygate/authorizenet_payment
    [checkout_onepage] => /checkout/onepage
    [checkout_multishipping] => /checkout/multishipping
    [paypal_express] => /paypal/express
    [paypal_standard] => /paypal/standard
    [paypal_express_callbackshippingoptions] => paypal/express/callbackshippingoptions
    [googlecheckout_redirect] => /googlecheckout/redirect/
    [googlecheckout_beacon] => /googlecheckout/api/beacon/
    [googlecheckout_api] => /googlecheckout/api/
    [review_customer] => /review/customer/
    [tag_customer] => /tag/customer/
    [wishlist] => /wishlist/
    [paypaluk_express] => /paypaluk/express
    [rss_catalog_review] => /rss/catalog/review
    [rss_order_new] => /rss/order/new
    [rss_catalog_notifystock] => /rss/catalog/notifystock
    [centinel] => /centinel/
    [newsletter_manage] => /newsletter/manage/
    [downloadable] => /downloadable/customer/
    [downloadable_download] => /downloadable/download/
    [ogone_api] => /ogone/api
    [persistent_onepage_register] => /persistent/index/saveMethod
    [checkout_cart] => /checkout/cart
    [storecredit_info] => /storecredit/info/
    [giftcard_customer] => /giftcard/customer/
    [enterprise_pbridge_pbridge] => /enterprise_pbridge/pbridge/
    [invitation] => /invitation/
)

Now to figure out how Magento switches HTTP to HTTPS I think you would most likely have dive into the Zend framework in the lib inside lib/Zend/Http/* because it contains files of most interest. Well, anyway hope this helped. Good luck!

How to Redirect HTTPS to HTTP for Catalog & Product Pages

Method 1: You may try this as well. It is specifically targeting your catalog and product page with help of editing .htaccess

    RewriteEngine On
    RewriteCond %{HTTPS} on
    RewriteEngine On

    # From https to http
    RewriteCond %{REQUEST_URI} !^/catalogpage/
    RewriteCond %{REQUEST_URI} !^/productpage/
    RewriteRule ^(.*)$ http://%{HTTP_HOST} [L,R=301]

And set "Auto-redirect to Base URL" to NO under System -> Configuration -> Web -> Url Options

Method 2: Please visit following tutorial about redirecting https to http on catalog and product page:

https://www.designhaven.co.uk/2013/06/redirecting-secure-https-non-secure-http-magento/

Best Answer

Related Solutions

Magento – How to make https URL to http

How to Redirect HTTPS to HTTP for Catalog & Product Pages

Related Topic