CODEWITHSUNDEEP
php.htaccessbrowserhttpsssl-certificate
xkeshav
xkeshav

Reputation: 54072

switching from http to https gives different errors on different browser?

I want to run few pages on https while all others pages run on http

I wrote below code in .htaccess and on config.inc.php file

.htaccess

RewriteEngine on
Options +FollowSymLinks 
RewriteBase /

RewriteRule ^login/?$ login.php [NC]

# Rewrite non www to www.charityrummage.com
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

# Rewrite to https
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} /login [OR]
RewriteCond %{REQUEST_URI} /do_login.php [OR]
RewriteCond %{REQUEST_URI} /payment/?.*$ 
RewriteRule ^(.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,QSA]

# traffic to http://, except login.php and payment.php
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !(/login|/do_login.php|/payment)
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,QSA]

also made some changes in config.inc.php which is required and first file of the website

config.inc.php

$ssl_page = array('login.php','do_login.php','payment.php');
// Note: do_login.php is intermediate page
if(in_array(trim($_SERVER['SCRIPT_NAME'],'/'),$ssl_page)){
    define('PROTOCOL','https://');    
 }else{
   define('PROTOCOL','http://');
}
define('DS','/');
define('URL',PROTOCOL.$_SERVER['HTTP_HOST'].DS);
// based on URL i made CSS and JS Path

here is the website link :

http://www.charityrummage.com.

login page is ssl enabled :

https://www.charityrummage.com/login

BUT

when I run the website, it gives different errors on different browsers and its really annoying. below are the error description on different browsers

IE8

it always prompt for security error and
if i click on Yes then display everything fine except left panel
if i click on NO then certificate error near web address but website works fine.

Chrome ( v :20.0.1132.8 )

display multiple warning about css and js ( see in console ) in below format:

The page at https://www.charityrummage.com/login ran insecure content from http://www.charityrummage.com/css/reset.css

but if you view source of login page then you can see that every css and js running with https://

Firefox (v 16.0)

it display lock sign ( secure ) just for few seconds and then gone away
( i m surprised it never prompt security alert for https ) but when we go with page info -> media then many of images are coming from http://

Will you please examine and tell me what is exact problem?

One more thing i want to know.

if https:// pages are not displaying properly then which one is responsible

Thanks

Upvotes: 3

Views: 336

Answers (2)

j0k
j0k

Reputation: 22756

Try with this rule:

# Force files ending in X to use same protocol as initial request
RewriteRule \.(gif|jpe?g|png|ico|css|js)$ - [S=1]

or this one:

# don't do anything for images/css/js (leave protocol as is)
RewriteRule \.(gif|jpe?g|png|ico|css|js)$ - [NC,L]

Before the # traffic to http://

Upvotes: 2

Stephen
Stephen

Reputation: 803

I got round this problem before by setting the base href on the page like so

<base href="<?php echo HTTPS_BASE_REF; ?>"></base>

This meant that all links derived from this and resolved correctly.

The constant of HTTPS_BASE_REF was set in my config.inc.php file.

Upvotes: 0

Related Questions