#google chrome #http #https #ssl #woocommerce
Provides an instant overview of your shop's current customers and the contents of their carts.
I was setting up a demo for a WordPress theme which utilizes WooCommerce. All good, until on 25 June everything broke. Inspecting the browser console it appeared to try to load all assets (css, js, images) over HTTPS, though my servers (both locally and online) had no SSL setup. Also the login page was redirected to https by force so I couldn’t even get into my WordPress admin area. It became even weirder when discovering that it was only broken in Chrome (I’m using the Chrome beta), not in Firefox. You’d think the WordPress pages render server-side so the browser has no influence on rewriting URLs to SSL variants. The issue being so recent meant I couldn’t find anything about it online, combined with not really knowing what to look for (is it WooCommerce specific? Chrome specific? Chrome version specific?).
After digging a bit through the WooCommerce code I found it does a lot of is_ssl() checks. Echoing is_ssl() in my theme before any other execution indeed showed “true”. So next I looked up the is_ssl() function in the WP core to see how it comes to this conclusion and if there’s a filter to hook in to. No filter but one thing it looks for is $_SERVER[‘HTTPS’]. When echoing $_SERVER (var_export( $_SERVER ); die();), it indeed shows HTTPS as true… That brought me to the following hack which fixes the issue:
// In your theme / a plugin's functions.php:
$_SERVER['HTTPS'] = false;is_ssl() will then return false as it should.
Note that this might not apply to your situation and only do this if you really don’t have an SSL certificate installed and remember to fix it when you do later.
Update:
Finally found this topic in WordPress.org support forum addressing the exact issue: https://wordpress.org/support/topic/site-broken-in-chrome-ssl-issue and it mentions this concerns Chrome version 44+.
Update:
Now a Chromium issue: https://code.google.com/p/chromium/issues/detail?id=505268
Update:
Update to the latest WooCommerce version (2.3.12+) to fix it.
Posted by Berend on
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>
Hello, thank you very much for this fix. I was sitting for countless hours, most likely on the same track as you but I couldn’t find the source for this issue. Do you know where exactly this bug is coming from? Is it a bug in the is_ssl() check? Have you reported it already? How comes that only chrome is affected? Do you have any more infos about that? I\’m just curious and just would like to make sure that this issue gets fixed properly. Many thanks again, Joe
Chrome beta send a new header : HTTPS:1 it breaks wordpress check for https, so a connection to the http version will try to load assets with https (and possibly breaks the website is https is not supposed to be supported). https://core.trac.wordpress.org/browser/tags/4.2.2/src/wp-includes/functions.php#L3686 https://code.google.com/p/chromium/issues/detail?id=505268
Thanks for posting this. I spent most of today trying to resolve this issue. You’r an absolute legend!
Thank you!!
Hi there – I’ve been doing some digging on this and the problem lies with WooCommerce rather than with Chrome. Here’s what’s happening:
– Chrome is adding an extra request header as per this W3C draft recommendation: http://www.w3.org/TR/upgrade-insecure-requests/
– The presence of this causes Apache to set the server variable [HTTP_HTTPS] => 1
– WooCommerce has a function called fix_server_vars() which (incorrectly) sees the [HTTP_HTTPS] server variable and sets a new server variable: [HTTPS] => 1
– the is_ssl() function in WordPress (correctly) sees the [HTTPS] => 1 variable and returns true
– lots of things now break
Depending on your server setup, you can probably safely remove the code from woocommerce.php that incorrectly sets [HTTPS] => 1 – it’s in the fix_server_vars() function round about line 389 in the latest version
Paul Ratcliffe
www.refinedpractice.com
@Paul Thanks for the details. It seems WooCommerce version 2.3.12 contains a fix.
Thanks Berend!
Thank you! Saved my day! : )
Thank you for sharing this information.
Hey,
This plugin available on GitHub can save you a lot of troubles until the next Chrome version is out.
It basically forces the HTTPS to be false. A fix in Google Chrome will be available in their next release which is planned for 27th July 2015. Until then the plugin should help.
You can view it on GitHub:
https://goo.gl/D54cWv
Cheers
Thank you very much!! You save my life!!
Thank you, thank you, thank you. This was driving me nuts. Updating fixed the problem.
Thanks very much. This also solved my problem. Exactly the same… Albert
THANK YOU! you saved my live! or my job anyway!! :)
Hi, you can download the plugin that solves the issue from www.wdc.me/chrome-ssl-fix.zip, this plugin is in review process on wordpress.org, and it shold be available soon.
Thanks, saved me Sunday! Now I get to spend it with my girlfriend instead of in front of the computer :D
I was freaking out… seriously, until I found your little update on a stackoverflow forum redirecting here.. I just updated woocommerce and everything seems fine now. Thanks a lot!! :D
Finally found some info about this. It’s strange though, I’m using Woocommerce 2.5.5
Please note that this post is from June 2015!
Hi! I’m a new member!