Announcement

Collapse
No announcement yet.

Problem with forum URL after installing SSL certificate

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Problem with forum URL after installing SSL certificate

    Hi all,

    So we run this https://www.gooner.pl/forum/ website and today we've installed a SSL certificate for the first time. The issue started after setting up the certificate.
    So when even I, a logged in user to the forum (but not only, appears for all website viewers) opens it again with full address as above, it opens like for an unregistered/not logged in user and the login tab shows an error "Server www.gooner.pl has rejected the connection" (sorry, the site is in Polish):

    Click image for larger version

Name:	refused_connection.png
Views:	183
Size:	8.3 KB
ID:	4418915

    Anyway, after clicking whatever option on the forum, it brings it all back to a normal view of me, for example, as a logged in user an everything is working just fine. Can anyone advice what might be the issue here?

    Thanks a lot.

  • #2
    It sounds like your root URL is not whitelisted in the SSL certificate.

    Comment


    • #3
      Click image for larger version

Name:	2019-07-23_11-10-08.png
Views:	115
Size:	49.9 KB
ID:	4418921


      The login form is loading for me when I visit your forum. Please clear your browser cache.
      Translations provided by Google.

      Wayne Luke
      The Rabid Badger - a vBulletin Cloud demonstration site.
      vBulletin 5 API

      Comment


      • #4
        It behaves the same at different browsers which I cleared from cache files, uninstalled and installed again.
        When I go with gooner.pl only, it works like a charm. The login tab can be loaded.
        But when I type gooner.pl/forum it shows as follows on Opera and Firefox:

        Click image for larger version

Name:	Adnotacja 2019-07-23 204119.jpg
Views:	138
Size:	52.5 KB
ID:	4418927

        Click image for larger version

Name:	Adnotacja 2019-07-23 204003.jpg
Views:	96
Size:	76.5 KB
ID:	4418928

        Comment


        • #5
          Looks like CORS is blocking access? Can someone help?

          jquery.js:8561 [Deprecation] Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check https://xhr.spec.whatwg.org/.
          send @ jquery.js:8561
          jquery.js:8630 Access to XMLHttpRequest at 'https://www.gooner.pl/forum/ajax/api/options/fetchValues' from origin 'https://gooner.pl' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
          send @ jquery.js:8630
          footer-rollup-553.js:382 Error when fetching options: NetworkError: Failed to execute 'send' on 'XMLHttpRequest': Failed to load 'https://www.gooner.pl/forum/ajax/api/options/fetchValues'.
          error @ footer-rollup-553.js:382
          jquery.js:8630 Access to XMLHttpRequest at 'https://www.gooner.pl/forum/ajax/api/options/fetchValues' from origin 'https://gooner.pl' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
          send @ jquery.js:8630
          footer-rollup-553.js:382 Error when fetching options: NetworkError: Failed to execute 'send' on 'XMLHttpRequest': Failed to load 'https://www.gooner.pl/forum/ajax/api/options/fetchValues'.
          error @ footer-rollup-553.js:382
          footer-rollup-553.js:2544 PM Dropdown not detected, skipping init.
          footer-rollup-553.js:2544 PM Chat window not detected, skipping init.
          (index):1 Refused to display 'https://www.gooner.pl/forum/auth/login-form' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
          footer-rollup-553.js:382 vBulletin.loadingIndicator.show Counter: 1 Source: ajaxStart
          jquery.js:8630 Access to XMLHttpRequest at 'https://www.gooner.pl/forum/ajax/api/options/fetchValues' from origin 'https://gooner.pl' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
          send @ jquery.js:8630
          footer-rollup-553.js:382 Error when fetching options: NetworkError: Failed to execute 'send' on 'XMLHttpRequest': Failed to load 'https://www.gooner.pl/forum/ajax/api/options/fetchValues'.
          error @ footer-rollup-553.js:382
          footer-rollup-553.js:382 vBulletin.loadingIndicator.hide Counter: 0 Source: ajaxStop
          footer-rollup-553.js:382 Securitytoken updated
          footer-rollup-553.js:382 vBulletin.loadingIndicator.show Counter: 1 Source: ajaxStart
          jquery.js:8630 Access to XMLHttpRequest at 'https://www.gooner.pl/forum/ajax/api/options/fetchValues' from origin 'https://gooner.pl' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
          send @ jquery.js:8630
          footer-rollup-553.js:382 Error when fetching options: NetworkError: Failed to execute 'send' on 'XMLHttpRequest': Failed to load 'https://www.gooner.pl/forum/ajax/api/options/fetchValues'.
          error @ footer-rollup-553.js:382
          footer-rollup-553.js:382 vBulletin.loadingIndicator.hide Counter: 0 Source: ajaxStop
          syndication.twitter.com/i/jot/syndication?l=%7B%22_category_%22%3A%22syndicated_impression%22%2C%22triggered_on%22%3A156 4395362675%2C%22dnt%22%3Afalse%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22 page%22%3A%22timeline%22%2C%22action%22%3A%22impression%22%7D%7D:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
          (index):1 Refused to display 'https://www.gooner.pl/forum/auth/login-form' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

          Comment


          • #6
            CORS is a third party browser add on. I have no idea why it is blocking anything, it isn’t something we can provide support for.
            MARK.B | vBULLETIN SUPPORT

            TalkNewsUK - My vBulletin 5.6.3 Demo
            AdminAmmo - My Cloud Demo

            Comment


            • #7
              Redirect https://gooner.pl to https://www.gooner.pl/. You shouldn't try to access your site via multiple URLs in this day and age. You'll trigger server and browser security protocols like CORS.

              Your hosting provider can help you with redirects. They can also help you update the CORS policy for your site. There is no way to control either in vBulletin.
              Translations provided by Google.

              Wayne Luke
              The Rabid Badger - a vBulletin Cloud demonstration site.
              vBulletin 5 API

              Comment


              • #8
                Thanks Mark and Wayne! I will contact our host provider regarding CORS.

                In ​​​the end I did resolve the issue partially (all web browsers are showing the login frame correctly, but console shows it with errors, still) by hashing this line in .htaccess file:

                # Don't allow other sites to frame in your content. If you do need to frame the
                # forums in on another host you will need to remove or change this line.
                # Header always append X-Frame-Options sameorigin
                I have tried to add those lines but then login frame didn't work at all or behaved like beofre.

                Header set Access-Control-Allow-Origin "*"
                Header add Access-Control-Allow-Origin https://www.gooner.pl/forum
                Header add Access-Control-Allow-Origin https://www.gooner.pl
                I am aware that hashing X-Frame-Options is a potential security risk and will try to fix it after contacting hosting support.

                Thank you for support.

                Comment


                • #9
                  The login iframe should always use the same URL as you have for the Front-End URL in the AdminCP. The only reason it has its own setting is because of something we attempted in 5.0.0 and have since disregarded and people should use SSL for the entire site these days. The option has stayed because it doesn't usually pose a problem.
                  Translations provided by Google.

                  Wayne Luke
                  The Rabid Badger - a vBulletin Cloud demonstration site.
                  vBulletin 5 API

                  Comment

                  Related Topics

                  Collapse

                  Working...
                  X