Create an issue which formats things better: http://bitbucket.org/chris1610/satchmo/issue/1231/when-using-https-ssl-for-check-out-the
On Nov 12, 11:42 am, amjoconn <[email protected]> wrote: > I have a patch to satchmo / satchmo / apps / satchmo_store / contact / > urls.py which I am about to submit with an issue: > > 7a8,10> from satchmo_store.shop.satchmo_settings import get_satchmo_setting > > > ssl = get_satchmo_setting('SSL', default_value=False) > > 12c15 > < (r'^ajax_state/$', 'ajax_get_state', {}, > 'satchmo_contact_ajax_state'), > --- > > > (r'^ajax_state/$', 'ajax_get_state', {'SSL': ssl}, > > 'satchmo_contact_ajax_state'), > > Basically you do the same automatic SSL detection that the checkout > process does to figure out if ajax_state should respond to http or > https. If ajax_state is used in which doesn't use the global SSL > rules it won't work again. > > I guess the real answer is to have a {'SSL': either} option... > > Anyway, this change is a better work around. Hopefully the best > solution will end up in trunk soon. > > Albert > > On Nov 11, 2:10 pm, Josh <[email protected]> wrote: > > > > > > > > > Does anyone have any other ideas about this? I have a shop which > > would like to ship internationally but obviously ssl is necessary for > > checkout, especially since you are dealing with customers sensitive > > contact info. Thanks. > > > -Josh > > > On Nov 5, 7:56 am, amjoconn <[email protected]> wrote: > > > > Is this ticket worthy then? Even if the middleware is changed setting > > > up the ajax_state view to behave properly I think should be an > > > internal Satchmo change. > > > > For now I have figured out how my lame work around would work. > > > > I will just turn off SSL globally and then turn it on for all the > > > other checkout views manually, but that still isn't ideal. > > > > Let me know and I will create the ticket. > > > > On Nov 5, 10:46 am, Alex Robbins <[email protected]> > > > wrote: > > > > > Satchmo has an SSL redirect middleware. If that is installed, I don't > > > > think you'll be able to fix this with apache rules. Right now the > > > > middleware lets you set SSL to be True or False. It seems like we > > > > might need a third choice "maintain" or something like that. > > > > Basically, let the connection stay on whatever protocol it is now. > > > > > If we had a setting like that, and applied it to theajaxstateview, > > > > I think that'd solve this problem. > > > > > Alex > > > > > On Thu, Nov 4, 2010 at 9:52 PM, C <[email protected]> wrote: > > > > > You need to track down what's doing the redirect. > > > > > From there you need to break that redirect rule into two redirect > > > > > rules. > > > > > For a GET, let it just dump back a 302. > > > > > For a POST, don't send back a 302, pass it through to the backend. > > > > > Although in this case... anything allowed via http should be allowed > > > > > through https. > > > > > > I'll try and dig up the set of rules I kludged together for Apache > > > > > running PHP through fastcgi tommorro. > > > > > > On Nov 4, 11:29 am, amjoconn <[email protected]> wrote: > > > > >> Morning, > > > > > >> I have ran into some frustrating issues with theajaxstatechanger > > > > >> not working in checkout. I think I know what is what the root cause > > > > >> is and could use some help with working around it/fixing it. > > > > > >> I first noticed the situation in production when I would change the > > > > >> country and theajaxwould start but everything would stay disabled. > > > > >> The caused seemed to be /accounts/ajax_state wasn't returning > > > > >> anything. > > > > > >> Back on in my development environment everything was actually working > > > > >> fine! I figuring it was https related. When I turned off SSL on > > > > >> production it worked. What seems to be happening going > > > > >> tohttps://domain/accounts/ajax_state/redirectstohttp://domain/accounts/... > > > > >> and getting back the 302 is as far as theajaxrequest gets. Since > > > > >> the response is blank this line in the javascript get executed: > > > > > >> if (!result) { return; } > > > > > >> And that mean the controls never get enabled. > > > > > >> Turning off SSL just for the first checkout page is the fast work > > > > >> around, even if it is undesirable. How do I do that quickly? I have > > > > >> control in my payment module, but the checkout page is pre payment. > > > > >> I > > > > >> imagine I need to put the right overriding url magic in my urls.py > > > > > >> I am not sure what the better solution would be? Can you enforce the > > > > >> protocol forajaxwith out having to construct the entire domain? > > > > >> Does doing an httpajaxcall that violate https security? Should > > > > >> ajax_state simply respond even if it is requested over https? > > > > > >> I look forward to what people with more experience have to say and > > > > >> thanks in advance for your help. > > > > > >> Albert O'Connor > > > > >> albertoconnor.ca > > > > > > -- > > > > > You received this message because you are subscribed to the Google > > > > > Groups "Satchmo users" group. > > > > > To post to this group, send email to [email protected]. > > > > > To unsubscribe from this group, send email to > > > > > [email protected]. > > > > > For more options, visit this group > > > > > athttp://groups.google.com/group/satchmo-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Satchmo users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/satchmo-users?hl=en.
