Announcement

Collapse
No announcement yet.

Cannot display pages correctly after change to HTTPS

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • john_rsd
    replied
    Wayne, but only for chrome ? No issues Edge or FF ? and after a page refresh in Chrome by bringing up another page first, Chrome works.

    Could be a setting mys ide Wayne.

    I will drop the site live to a few people and see what happens. Can only be what I have here or server so I will kick it around a bit first.

    Thanks

    John


    Leave a comment:


  • Wayne Luke
    replied
    What is the security policy that you're using?

    It isn't missing a cache. The Login box is a separate call to the server and loaded in an iframe. If you block iframes improperly, it can cause problems. Your hosting provider may have provided a security policy to your site without your knowledge.

    Leave a comment:


  • john_rsd
    replied
    Mark

    Changed all 3 now to https://www.domain.org and Chrome still doing the same, even if I am actually logged in.

    I did login and hit remeber me, then closed chrome

    Open chrome back up, I see a login at top right and when its dropped down it is blank

    So I tried a test and set the sites https URL as the default page when starting. All seems OK

    It is making little sense to me Mark, it should be working fine, I will try again later. Did you see the small video clip above ?

    John

    Leave a comment:


  • john_rsd
    commented on 's reply
    Thanks Mark, your article was one of the first articles I hit, nicely written as well.

    The third on the core location states "Do not update unless directed to by vBulletin Support" so I took that literally as being a special case, I will go chnage it now.

    Cheers

    John

  • Mark.B
    replied
    Yes you must change all three URLs to https.

    Please also review our guide and ensure you have followed all relevant steps:
    https://forum.vbulletin.com/articles...forum-to-https

    Leave a comment:


  • john_rsd
    replied
    Wayne

    https://www.domain.org

    That is where it is landing, same address as in Edge or FF.

    Somehow Chrome and Safari seem to be handling the URL differemtly on first landing.

    Only link in settings I have left as http and not changed to https is the /core location. The note says leave as is unless told to change it by vb support. Do I require to change this to https also ?


    John


    Leave a comment:


  • Wayne Luke
    replied
    What address are you typing into your address bar of the browser?

    www.example.com and example.com are two different URLs and therefore two different sites as far as browser security is concerned today. You will have problems. Clicking on a link would send you to the address specified in your AdminCP under Settings -> Options -> Site Name / URL / Contact Details. That is the URL you should always use.

    Leave a comment:


  • john_rsd
    replied
    OK, please see attached video.

    When i tested forum access in the Ipadpro with safari and chrome I hit a brick wall as the login box was blank.

    So i installed Chrome on W10 and it was the same (rules out IoS)

    However, if I then hit register, then go back to login the login box works.

    Close down chrome, open up and hey prestor same issue.

    Something must be missing on first load that is cached when other content is loaded (such as click register)

    Attached Files

    Leave a comment:


  • Wayne Luke
    replied
    The login frame shows on my iPhone. Can you clear the cache in Safari and try again?

    Leave a comment:


  • john_rsd
    replied
    OK,

    Still an issue it seems with Safari and Chrome on IoS (Ipadpro) which is similar with what I seen earlier with Edge. Edge and FF under W10 seem fine

    The login drop down is blank.

    See image

    I must admit not to be familiar with Safari at all



    Leave a comment:


  • john_rsd
    replied
    Hi Wayne,

    I *think* I have sorted it now, I found a few more posts in the forums which helped, one for doing the SSL checking itself on https://www.ssllabs.com/ssltest/ which confirmed the cert seemed OK

    Some of my other domains were not OK, always skeletons to find

    Anyway, I set the .hta file back to standard

    Code:
    # To redirect users to the secure version of your site, uncomment the lines below
    RewriteCond %{HTTPS} !=on
    RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
    This alone kills access to the AdminCP

    So back to the standard one

    AdminCP>Settings>Options>Site Name / URL / Contact Details

    So I set first

    vbulletin URL = HTTPS://www.domain.org
    Login URL = HTTPS://www.domain.org
    Core URL = HTTP://www.domain.org
    HTTPS Term = NO
    ROUTE CONV = NO
    LOGO URL = BLANK
    Forum URL as Base = YES

    Added this list
    https://www.domain.org
    http://www.domain.org
    https://domain.org // New addition as the cert search showed no www
    http://domain.org // New addition as the cert search showed no www


    Set style sheet to go back to database and I will try that later with a new folder

    THEN

    I changed the .hta file

    Doing it that way round and adding the domain.org (no www) in list seems to have worked.

    All seems OK for now.

    So my apologies Wayne, I either did things out of sequence and screwed up or perhaps a cahce issue on eithe browser while fumbling around.

    Learning and remebering a bit more every day :-D

    Thanks again.




    Leave a comment:


  • john_rsd
    replied
    Thanks for the replay Wayne, I know its skirting around server issues which is not what you do so i will try and keep it short.

    The CSS was the main one, I just found another few topics after digging that recommend moving the CSS from files to database but at the penalty of not having selectable themes for users ??

    Second one was when I attempted to go to AdminCP>Settings>Options>Site Name / URL / Contact Details in which FF had a nervous breakdown and CSP just blanked the frame with a message it cant display, so I had to venture to where they be dragons ;-) and disable it.

    I could however access other settings OK, it was that particular option it did not like.

    When i eventually though I had it working, I also got a login error under Edge, which also said it cant run iframes (I think that was it)

    And no, no modified templates, yet ! as i need the platform running first, eventually I want to move it to vBCloud and be done with managing servers, just need the site to gain traction first.

    See attached.

    The one that concerns me is where CSP is locking it down.

    John
    Last edited by john_rsd; Sun 1st Dec '19, 3:08pm.

    Leave a comment:


  • Wayne Luke
    replied
    Both examples of the .htaccess code do exactly the same thing.

    You need to update the URLs in the database under Settings -> Options -> Site Name / URL / Contact Details. All three URL options need to be updated.

    Your Content Security Policy needs to allow iFrames/Frames from your own URL.

    What elements are not switching to HTTPS besides the CSS? Have you modified any templates?

    Leave a comment:


  • john_rsd
    started a topic Cannot display pages correctly after change to HTTPS

    Cannot display pages correctly after change to HTTPS

    I have been bouncing back and forth between server and install and managed to lock myself out twice thanks do content protection (had to disable it in browser temp) but no matter what I do I either get a CSP error, a mod_security error or the page will not display correctly as if the template was missing (just scrolling bars)

    I uncommented the lines in the .htaccess file for the defaults

    # To redirect users to the secure version of your site, uncomment the lines below
    RewriteCond %{HTTPS} !=on
    RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

    And even tried the hosts suggestion ( I assume vb pulls server name from the option settings in ACP ? )

    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://example.com/$1 [R=301,L] where exampl.com is the domain.



    Again I tried the options in ACP for login URL, and the other settings which all seemed to work except kicking off the CSP errors either in the admincp>settings>options page OR the actual login box


    The host is bluehost and autossl is enabled in case its a known failing of theirs although I am encountering the current resistance to escalate as they see it as an application issue

    https:// is bringing the site up but no template and all the links are all over the place

    John

Related Topics

Collapse

Working...
X