remove unsecure content from modals-wrapper
https://magento.stackexchange.com/questions/163468
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian题
Out of the box Magento 2 adds <div class="modal-content" data-role="content"> div at the end of the code. I am not sure what it is supposed to do. But it contains a login form with password input. Chrome/firefox are now signalling any pages that ask for sensitive information that are not served over SSL. So every page of Magento 2 will show as "not secure" in Chrome where the SSL info is shown. It is because of this line of code:
<input name="login[password]" autocomplete="off" class="input-text" id="pass" title="Password" data-validate="{required:true, 'validate-password':true}" aria-required="true" type="text">
Changing type to text removed the error. But I do not know which file is generating this. And if other login forms use the same code, their password entry will be visible instead of ****
Maybe it is coming from vendor\magento\module-customer\view\frontend\web\template\authentication-popup.html but whenever I change the code there it does not affect my magento pages. (flush, reindex, compile etc)
I do not want to run the entire frontend in SSL & do not want the "not secure" error - which is misunderstood by many.
Is there any way to fix this? Where is the code to edit the output of the problematic password input?
This is the chrome inspector HTML output for a fresh 2.1.5 install on blank theme after static:deploy
解决方案
It does come from vendor\magento\module-customer\view\frontend\web\template\authentication-popup.html. Since this is a knockout.js template file, you will have to delete your static content and then re-deploy (if you are in production mode) in order for changes to come through (clearing browser cache is also necessary sometimes). Instead of editing the file directly, you should copy it to your theme in here: app/design/frontend/{Vendor}/{Theme}/Magento_Customer/web/template/authentication-popup.html in order to override it from your theme.
To delete the static content, run rm -rf pub/static/* var/view_preprocessed/* from magento root directory. In production mode you then run the static content deployment command.
As far as I can tell, this modal is used if 'guest checkout' is disabled and a customer who is not logged in clicks on 'Proceed to Checkout' button in minicart or cart page. If guest checkout is enabled for your store, then you can remove it completely by disabling the layout block. To do this, create the file app/design/frontend/{Vendor}/{Theme}/Magento_Customer/layout/default.xml with this contents:
<?xml version="1.0"?>
<page xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:View/Layout/etc/page_configuration.xsd">
<body>
<referenceBlock name="authentication-popup" remove="true"/>
</body>
</page>
You must flush the cache after adding this file.
其他提示
The thing is named authentication-popup in the layout xml.
You can remove it with
<referenceBlock name="authentication-popup" remove="true"/>
in ../page_layout/1column.xml for example.
But I'm not really sure what it is used for either and if it is safe to remove it just like that.
This seems to be the file it is coming from:
../app/code/Magento/Customer/view/frontend/web/js/model/authentication-popup.js
