osCommerce and SSL Warnings

Generally an SSL warning with osCommerce means you have added a http:// link on a page that is being accessed as https:// i.e. under SSL.  But with latest releases of many browsers it can mean an issue with osCommerce itself.


All external links have to be added as full path link such as http://www.anothersite.com. The use of the http:// can cause issues on pages that run under SSL as that link is not an SSL link.  Therefore it is best to add such links as https://www.anothersite.com to avoid a warning.
Some external link scripts handle this dynamically.  If you look at Google tracking code it will check if the page is running under SSL or not and will prefix either http:// or https:// to its links as appropriate.
Some external links do not operate under SSL.  In particular where images are pulled from another site often the image will not load using an https:// link.  In these cases you need to change the code to not use the link when the page is running under SSL.  To do that,  you can add code to check if the page is running under SSL (like Google) or check the page name and omit it from pages that run by default under SSL such as login.
When doing internal links, that is links to pages on your own site, you should use referential links. A referential link is the part of the URL excluding the domain name e.g. /login.php.  Never use the full path for these links. Using a full path such as http://www.mysite.com/login.php can slow page loads  and interfere with tracking tools.
When you look at your page source, all site links are translated to full path http:// or https:// as appropriate.  If you get an SSL warning then you should search the page source and look for an external http:// link and then change it to https://.


Not all SSL warnings are about http://  links.  Some are about forms.  And this is the point of this post.
Forms on SSL pages can generate a warning within osCommerce. To check your site, do a quick find search on an SSL page and see if you get the above warning.  The warning is related to the  osCommerce function tep_draw_form in includes/functions/html_output.php.  The patch is to insert two lines of code after the first {
global $request_type;
if($request_type==’SSL’ and strstr($action,’http://’)) $action = str_replace(‘http://’,’https://’,$action);
If this issue concerns you and you would us to add this patch then please contact us.