Forum Replies Created

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • May 17, 2019 at 1:26 PM in reply to: Firewall – http vs https #59243
    kenklein
    Participant

    Hi — Hope I catch you in time — I’ve been informed that this project is now on hold so we wanted to let you know we don’t need an answer on this currently, and didn’t want to waste your time following up, so please disregard request above.

    Thanks for your help. If we need more info later we’ll check back, regards

    May 17, 2019 at 1:15 PM in reply to: Firewall – http vs https #59242
    kenklein
    Participant

    Thanks so much for your reply —
    Regarding https – since we were having problems with the locations page working under https, we made changes on Sucuri to always redirect to http. I just now modified the settings so that it will redirect to http, so you can test to see the problem that we are having. (We’ll leave it that way until 5PM Eastern Time in case you’re able to take a look but then we’ll have to revert it at 5PM for now to make sure it functions over the weekend.)

    The SSL cert is at Sucuri. So, when a user browses to smokeybones.com using https, that communication is secure. But the communication from Sucuri to the web server *is not secure* – all communication from Sucuri to the web server is over http. My theory is that since the communication from Sucuri is not secure, that the API rest_url that is generated assumes it should be http, and that code with the http gets cached at Sucuri. But, when a user hits the site using https and the rest_url is http, the user has now entered a mixed-mode state, and the API call will fail.

    For you to see this in action, navigate to https://smokeybones.com/locations/ (it should no longer redirect you to http). Enter something that should give results (“Miami” normally gives results) — and you’ll get the following:
    Could not locate this address. Please try a different location.
    undefined

    The response back from the API call is
    {“code”:”rest_forbidden”,”message”:”Sorry, you are not allowed to do that.”,”data”:{“status”:401}}

    If you switch the page to http://smokeybones.com/locations/ – you’ll see that Miami will return results.

    Please let us know if you are able to take a look before 5PM Eastern Time today (Friday) with our current firewall settings — and thanks again so much for your help

  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)