OroCRM Forums

Covering OroCRM topics, including community updates and company announcements.

Forums OroCRM OroCRM – HTML, JavaScript, CSS, Design Questions Cross-site Requests to orocrm.com – Are They Necessary?

This topic contains 9 replies, has 6 voices, and was last updated by  Rodolfo 3 years, 10 months ago.

Viewing 9 replies - 1 through 9 (of 9 total)
  • Author
    Replies
  • #25610
    Dima Soroka
    Dima Soroka
    Keymaster

    Hi Tim

    We have this JS code in order to enable “Ask a question” form later on. It should not block page load and we’ll verify this issue.

    Thanks
    Dima

    #25611

    Alexandr Smaga
    Participant

    Hello @etoulas!

    We tried to reproduce this issue, but we could not.
    Could you please give us more details ?

    I tried to setup ipfw on my mac that blocks all requests to crm.orocrm.com.
    And it works as it should, page was not blocked and after timeout which equals 2 secs, I’ve seen reported error in JS console.
    The same behavior if embedded script is not accessible due to slow connection.

    #25612

    Rodolfo
    Participant

    ‘http://crm.orocrm.com/bundles/orocrmrequest/js/embed.form.js’.
    This request has been blocked; the content must be served over HTTPS.

    Any update about this?

    #25613
    Dima Soroka
    Dima Soroka
    Keymaster

    Hi @Rodolfo

    It must be over HTTPS, do you have a case when it is not?

    #25614

    Rodolfo
    Participant

    Hi Dima @soroka

    For some reason, it doesn’t translate this: https://github.com/orocrm/platform/blob/master/src/Oro/Bundle/PlatformBundle/Resources/views/have_request.html.twig#L7 to https

    Not sure if I’m missing some config or if it’s indeed an issue.

    #25615

    Thanks Rodolfo! We will check it.

    #25616

    Rodolfo
    Participant

    Thanks Ivan,

    Just a heads up, I found another problem that occurs when we click on “Configure Integration”:

    Channel -> Create Channel -> Select: Magento -> “Configure Integration” (To open to modal window)

    Mixed Content: The page at ‘https://ACME/channel/create’ was loaded over a secure connection, but contains a form which targets an insecure endpoint ‘http://ACME/channel/integration/create/magento/test?_wid=XXXXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX&_widgetContainer=dialog’. This endpoint should be made available over a secure connection.

    #25617
    Dmitry Shikalenko
    Dmitry Shikalenko
    Participant

    Hi @Rodolfo

    I tried to reproduce your issue but I couldn’t. I checked older versions till 1.6 as well. Moreover the AJAX request that leads to error is sent with relative path so having different schema there looks quite strange.

    Could you provide more information about your conditions? For instance OS, browser, any extra pluging or software that have chance to impact on this functionality

    Thanks

    #25618

    Rodolfo
    Participant

    Thank you very much for your effort @dshykalenko
    I’m forcing any http to go over https. These are my actual configuration:

    nginx

    app/config/routing.yml

Viewing 9 replies - 1 through 9 (of 9 total)

You must be logged in to reply to this topic.

You will be redirected to [title]. Would you like to continue?

Yes No