I am wondering how magento determines which page should be secure & which page should be unsecure.
From what i understand, magento only makes the checkout & login page as secure by default & i can make other pages secure by specifying them under the config path frontend/secure_url/....
via my module's config.xml
The admin-side configuration seems to be fine. SSL is enabled in both frontend & backend. The backend is fully over https. In the frontend most pages work fine under http including the homepage, & the checkout & login pages are redirected to https as expected.
But there are a few other url's getting redirected to https that i was expecting to remain on http including a custom module's controller/action.
I need some pointers on how to debug this? Is there any other config i can use to stop them from being redirected?
Best Answer
There is a function just for that, called
shouldUrlBeSecure
located inapp/code/core/Mage/Core/Model/Config.php
on line1477
.Here is the complete function:
To see which URLs should be secure you can add a simple
Mage::log($secureUrls)
inside theif
statement. This is what my log entry looked like:Now to figure out how Magento switches
HTTP
toHTTPS
I think you would most likely have dive into the Zend framework in thelib
insidelib/Zend/Http/*
because it contains files of most interest. Well, anyway hope this helped. Good luck!