Setting my base_url to Secure
https://magento.stackexchange.com/questions/222469
-
07-01-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Setting my base_url to HTTPS drops the query string
I set the base URL for my site to https://www.example.com, now when user comes to my site from a non secure URL (link) that has a query at the end of it (http://www.example.com/path/to/page?foo=555&bar=444) it gets redirected to the https page (https://www.example.com/path/to/page), however the queries get removed :-( I need them to stay, so the final URL would be https://www.example.com/path/to/page?foo=555&bar=444
I found in the Mage_Core_Controller_Varien_Router_Standard class there is a method (line 441) _checkShouldBeSecure that sets the redirect to secure
protected function _checkShouldBeSecure($request, $path = '') {
if (!Mage::isInstalled() || $request->getPost()) {
return;
}
if ($this->_shouldBeSecure($path) && !$request->isSecure()) {
$url = $this->_getCurrentSecureUrl($request);
if ($request->getRouteName() != 'adminhtml' && Mage::app()->getUseSessionInUrl()) {
$url = Mage::getSingleton('core/url')->getRedirectUrl($url);
}
Mage::app()->getFrontController()->getResponse()
->setRedirect($url)
->sendResponse();
exit;
}
}
i want to make a local override and add this line
if ($_SERVER['QUERY_STRING']) {$url .= '?'.$_SERVER['QUERY_STRING'];};
Is that safe? will it cause any problems? is there a better way for me to go about preserving the query string?
Solution
You need to edit your htaccess file for this kind of redirect. See below:
## enable rewrites
Options +FollowSymLinks
RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_HOST} ^example.com$ [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
OTHER TIPS
Please abandon your current direction for resolution, unless you are certain that something in the core has been modified in the past. The issue is more than likely that you have some settings that require updating.
Here are some things you need to check:
- Contents of .htaccess - Please post the content of your .htaccess, less anything that may contain sensitive information.
- System Admin configuration settings for all scopes:
- web/unsecure/base_url
- web/secure/base_url
- web/secure/use_in_frontend
- web/cookie/cookie_path
- web/cookie/cookie_domain
- Redirects/rewrites in your url rewrite tables (core_url_rewrite, for example)
- Redirection settings that may have been applied in something like CPanel/WHM
- Httpd / Vhost settings
If I had to take a guess, I would say that there needs to be some updates to the admin settings, or you have some rewrite/redirect forcing HTTPS redirection before the request even gets to Magento's framework.
