Magento – How to Force HTTP instead of HTTPS in Canonical tag – Magento 2

httpsmagento-2.1

I have SSL enabled in my site, here is what I was expecting: SSL only on checkout process, customer restrict area and backend, not on the entire store such as product and category pages.

In my settings I have both options:

Use Secure URLs on Storefront: YES
Use Secure URLs in Admin: YES

The Storefront option if changed to NO, the checkout and customer restrict area doesn't work with SSL.

Is there any way to set the store to work as expected?

Thank you.

Best Answer

I believe that by now you have realized that it is better to serve all your web pages over HTTPS, instead of HTTP. Furthermore, HTTPS is the new Web Standard now and web content served over HTTP will be treated as a website flaw.

So, it is recommended to enable HTTPS redirect and full-page SSL for your Magento website.

From Stores > Configuration > Web for Base URL add the HTTPS version of your domain. Then, set Use Secure URLs on Storefront, set Use Secure URLs on Admin and Upgrade Insecure Requests to YES.

Related Solutions

Magento – How to make https URL to http

There is a function just for that, called shouldUrlBeSecure located in app/code/core/Mage/Core/Model/Config.php on line 1477.

Here is the complete function:

/**
 * Check whether given path should be secure according to configuration security requirements for URL
 * "Secure" should not be confused with https protocol, it is about web/secure/*_url settings usage only
 *
 * @param string $url
 * @return bool
 */
public function shouldUrlBeSecure($url)
{
    if (!Mage::getStoreConfigFlag(Mage_Core_Model_Store::XML_PATH_SECURE_IN_FRONTEND)) {
        return false;
    }

    if (!isset($this->_secureUrlCache[$url])) {
        $this->_secureUrlCache[$url] = false;
        $secureUrls = $this->getNode('frontend/secure_url');
        foreach ($secureUrls->children() as $match) {
            if (strpos($url, (string)$match) === 0) {
                $this->_secureUrlCache[$url] = true;
                break;
            }
        }
    }

    return $this->_secureUrlCache[$url];
}

To see which URLs should be secure you can add a simple Mage::log($secureUrls) inside the if statement. This is what my log entry looked like:

2014-02-12T11:55:26+00:00 DEBUG (7): Mage_Core_Model_Config_Element Object
(
    [install] => /install/wizard/checkSecureHost
    [customer] => /customer/
    [sales] => /sales/
    [authorizenet_paygate] => /paygate/authorizenet_payment
    [checkout_onepage] => /checkout/onepage
    [checkout_multishipping] => /checkout/multishipping
    [paypal_express] => /paypal/express
    [paypal_standard] => /paypal/standard
    [paypal_express_callbackshippingoptions] => paypal/express/callbackshippingoptions
    [googlecheckout_redirect] => /googlecheckout/redirect/
    [googlecheckout_beacon] => /googlecheckout/api/beacon/
    [googlecheckout_api] => /googlecheckout/api/
    [review_customer] => /review/customer/
    [tag_customer] => /tag/customer/
    [wishlist] => /wishlist/
    [paypaluk_express] => /paypaluk/express
    [rss_catalog_review] => /rss/catalog/review
    [rss_order_new] => /rss/order/new
    [rss_catalog_notifystock] => /rss/catalog/notifystock
    [centinel] => /centinel/
    [newsletter_manage] => /newsletter/manage/
    [downloadable] => /downloadable/customer/
    [downloadable_download] => /downloadable/download/
    [ogone_api] => /ogone/api
    [persistent_onepage_register] => /persistent/index/saveMethod
    [checkout_cart] => /checkout/cart
    [storecredit_info] => /storecredit/info/
    [giftcard_customer] => /giftcard/customer/
    [enterprise_pbridge_pbridge] => /enterprise_pbridge/pbridge/
    [invitation] => /invitation/
)

Now to figure out how Magento switches HTTP to HTTPS I think you would most likely have dive into the Zend framework in the lib inside lib/Zend/Http/* because it contains files of most interest. Well, anyway hope this helped. Good luck!

Magento – https to http change url through .htaccess in magento sites except checkout or the account page

This code solved this problem

Options +FollowSymLinks
    RewriteEngine on


RewriteEngine on
RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^(shop|blog|stockists|inthepress|contacts|review|home) http://www.example.com%{REQUEST_URI} [R=301,L]

RewriteCond %{HTTPS} on
RewriteRule ^$ http://%{HTTP_HOST} [L,R]

Best Answer

Related Solutions

Magento – How to make https URL to http

Magento – https to http change url through .htaccess in magento sites except checkout or the account page

Related Topic