Magento 1 – How to Make Custom Module Pages Use SSL

controllersmoduleSecuritysslurl

I've created a Module with some pages and I'm wondering how do I force this pages to use SSL on the url, like the customer login page. Not all of the pages need it, but some do.

What comes to mind (though I haven't tried it) is to evaluate the url in the action controller and redirect to https:// if SSL is enabled in magento config and the current URL is not using it.

Is this approach correct? Or does this kind of setting go in the configuration file?

Best Answer

Yes it goes into the configuration file. If you look at core/Mage/Checkout/etc/config.xml you can see how Magento does it for the checkout:

<frontend>
    <secure_url>
        <checkout_onepage>/checkout/onepage</checkout_onepage>
        <checkout_multishipping>/checkout/multishipping</checkout_multishipping>
    </secure_url>
</frontend>

You can configure your own controllers to use the secure URL in the same way.

The name of the tag (<checkout_onepage>) can be anything, as long as it is unique.

The value (/checkout/onepage) must match the beginning of the URLs that should be secure. It's compared with the actual URL, not the route name!

Related Solutions

Magento 1 – Call Action After Save Config Clicked in Admin

What exactly is your problem? Your path:

Register an observer, listen to admin_system_config_changed_section_{$section}, /app/code/core/Mage/Adminhtml/controllers/System/ConfigController.php:177
do whatever you want

Magento – Redirect to Module/Controller/Action

Again, what are you trying to do? Redirecting someone from sysconfig to your controller is odd UX at best, even if you redirect back to sysconfig after your code executes. If that's all you're doing, you should be consuming the POST and letting sysconfig behave as normal.

The reason your (first) redirect isn't working is that after this event fires, execution flows back to the controller action, which then sets its own redirect per usual:

class Mage_Adminhtml_System_ConfigController extends Mage_Adminhtml_Controller_Action
{
    public function saveAction()
    {
        // snip ...
        try {
            // snip ...
            Mage::dispatchEvent("admin_system_config_changed_section_{$section}",
                array('website' => $website, 'store' => $store)
            );
            // snip ...            }
        catch (Mage_Core_Exception $e) {
            // snip ...
        }
        catch (Exception $e) {
            // snip ...
        }
            // snip ...

        $this->_redirect('*/*/edit', array('_current' => array('section', 'website', 'store')));
    }

You can get around this in a couple ways:

(not ideal) Flush the response after setting the redirect in your browser; while this obeys your current intent, know that you are preventing subsequent native code from executing both in the action and in postDispatch().
(better, but still pretty ugly) Instantiate your observer as a singleton, set a flag, and then set that observer class to also consume the controller_action_postdispatch_adminhtml_system_config_save event using a different method which will set your redirect.

E.g.

public function checkShouldRedirect()
{
    $response = Mage::app()->getResponse();

    //use 'mysection' to check we are in correct section
    if (self::$flag==true && $this->getRequest()->getParam('section') == 'mysection') {
        $response->setRedirect(
            Mage::helper('adminhtml')->getUrl('myrouter/adminhtml_test/validate')
        );
        //below is only necessary for option 1
        //$response->sendResponse();
    }
}

If you are going to engage in the second option - and provided that you aren't opposed to the action saving the open panel state - you might as well just set your observer to consume only the postdispatch event, since you can test that you are saving your section by testing the section param.

Best Answer

Related Solutions

Magento 1 – Call Action After Save Config Clicked in Admin

Magento – Redirect to Module/Controller/Action

Related Topic