Hi all, I've searched through past posts and haven't seen anything about this exact issue, but if I did overlook something, if someone could point me in the right direction, that'd be great. Basically, I'm running into a problem with all SSL pages in Satchmo coming up as "partially encrypted" (i.e. some secure elements and some non-secure elements). At first I thought this was because of the usual problem of some elements like images being referenced through http, however, I've gone back and double-checked to make sure that they are all referenced either with https or with a relative link.
In any case, to test things out, I've thrown up a bare-bones page with a single image on it, with a hard-coded https reference to an image in the template, here: https://www.xetum.com/cart/ As soon as the image loads, the page goes from fully secure (with the little blue "secure" indicator that you get next to the url in FF) to partially secure. If I take the image out, the page registers as fully secure. FF's Tools > Page Info > Media shows that the image is being loaded via https, however, if I look at it with Adblocker Plus, it shows the image being loaded twice, once with http and once with https. I'm using Apache 2.2.11, Satchmo 0.9, I have both MEDIA_URL and MEDIA_SECURE_URL set (although for this test I am not even using the {{ media_url }} tag), and the following middleware classes: MIDDLEWARE_CLASSES = ( "django.middleware.common.CommonMiddleware", "django.contrib.sessions.middleware.SessionMiddleware", "django.middleware.locale.LocaleMiddleware", "django.contrib.auth.middleware.AuthenticationMiddleware", "django.middleware.doc.XViewMiddleware", "threaded_multihost.middleware.ThreadLocalMiddleware", "satchmo_store.shop.SSLMiddleware.SSLRedirect", "satchmo_ext.recentlist.middleware.RecentProductMiddleware", #'djangologging.middleware.LoggingMiddleware', #'debug_toolbar.middleware.DebugToolbarMiddleware', "django.contrib.flatpages.middleware.FlatpageFallbackMiddleware", ) I have noticed that some people had a similar issue with ZenCart (I realize it's a bit apples to oranges) that was due to a server configuration issue, where ZC wasn't getting some info it needed from the server, so I'm wondering if maybe something like that is going on here? In a nutshell, ZC checked for at least one of the following to treat a page as SSL: HTTPS = 'on' or '1' HTTP_X_FORWARDED_BY = 'SSL' HTTP_X_FORWARDED_HOST = 'SSL' (and v1.4 and newer will check whether this matches the HTTPS_SERVER name too) SCRIPT_URI is passed and contains 'https:' SERVER_PORT = 443 In that case, the solution was to SetEnv HTTPS 1 in the Apache vhost entry, like so: <VirtualHost *:443> ServerName xetum.com ServerAlias www.xetum.com SetEnv HTTPS 1 ... </VirtualHost> Does Satchmo similarly require certain server environment variables to be set in order for SSL to work properly? Might that be the issue, or am I looking in the wrong direction? Any help would be greatly appreciated! Thanks, Edwin --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Satchmo users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/satchmo-users?hl=en -~----------~----~----~----~------~----~------~--~---
