BoldMinded

Publisher does not support the Fluid field type. Please do not contact asking when support will be available.

If you purchased an add-on from expressionengine.com, be sure to visit boldminded.com/claim to add the license to your account here on boldminded.com.

Ticket: Problems using CSM with HTTPS (SSL)

Status Resolved
Add-on / Version Custom System Messages
Severity Critical
EE Version 31

David Rousseau

May 17, 2013

Good afternoon.

Using CSM on 2.6.1, with Solspace USER 3.4.1

Scenario I - From HTTPS page

Settings of the extension :
- Enable ajax responses? - No
- Bypass the message template entirely on successful actions? - Yes
- Redirect to the defined error template? - Yes
Then my error/index template for each next tree, no custom actions.

If I’m on a HTTPS page, I then get to my HTTP error page, and it shows the error variables as so : {csm:heading}, {csm:content}, {csm:link}

If I put a force SSL on the error page ({exp:dm_force_ssl:force}), then it works.

HOWEVER

Doing so brings me to my next problem :

Scenario II - From HTTP page

Settings of the extension :
- Enable ajax responses? - No
- Bypass the message template entirely on successful actions? - Yes
- Redirect to the defined error template? - Yes
Then my error/index template for each next tree, no custom actions.

If I put a force SSL on the error page ({exp:dm_force_ssl:force}) to accomodate my HTTPS customers, using a form on HTTP with an error brings me back to the homepage without any error shown.

I’m currently setup as the last scenario.  You can try using the following pages :
- HTTP : http://www.privilegespecan.com/fr/a-propos/code-ethique-membres (footer login)
- HTTPS : https://www.privilegespecan.com/fr/profil

#1

Brian Litzinger

Thanks for the detailed report, I’ll be able to take a look at it this weekend.

#2

David Rousseau

Thanks. BTW, site is online, while it’s not promoted yet, people may still go on it

#3

BoldMinded (Brian)

David, have you tried forcing SSL via htaccess instead of using a PHP plugin? Thats probably doing a 302 redirect, which will blow away the CSM data. I’m hesitant to even look into this b/c it clearly doesn’t work when that plugin is brought into the mix, so thats really an issue with the plugin, or the usage of it that breaks CSM. Try this in your .htaccess file instead. Put this before the rule where you remove index.php from the URL.

# force https
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R,L]
#4

BoldMinded (Brian)

David, I’m going to close this b/c I’m pretty sure CSM isn’t the cause here. If you run into further issues please open a new ticket. Thanks!

Login to reply