I have moved my OpenCart store to a different host (by restoring CPanel backups - home directory, MySQL database, email forwarders), changed my config.php accordingly, and everything seemed to work normally on the front-end. However, I am experiencing some major issues that affect crucial parts of the store.
First off, whenever I try to log in to the admin panel I receive the following message (as a javascript 'alert' popup):
SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data
OK
Followed by the raw HTML code of the admin login page:
<!DOCTYPE html>
<html dir="ltr" lang="en">
<head>
<meta charset="UTF-8" />
<title>Administration</title>
<base href="https://[MY STORE URL]/admin/" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no, minimum-scale=1.0, maximum-scale=1.0" />
... etc
When I am trying to move around between different sections of the admin control panel I am constatly getting logged out, and receive the same error upon logging back in.
Moreover, user login and checkout are also broken. I can add products to the shopping cart as a guest and proceed to the checkout page, everything appears to be working, however when I put in registration details and press the checkout button, nothing happens (it is supposed to be redirecting to PayPal, as it does on my old host). I am using Journal 2 as my theme, which uses javascript to handle such buttons, so it shows no errors at all.
When I log in to my user account (as a customer) it only works for one page. If I move anywhere else on the website my account is getting logged out.
Based on the fact that I am unable to stay logged in my presumption is that the aforementioned issues have something to do with cookies.
Is there any way to resolve this?
I use OpenCart 2.3.0.2, and MariaDB 10.2.25-MariaDB-cll-lve - MariaDB Server (it differs from the initial host, which shows MySQL 5.6.45-cll-lve - MySQL Community Server (GPL)).
The error you get with alert:
SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data
is from an ajax request that is made every-time you login / navigate inside the admin panel.
Steps to find the issue:
Before you login in the admin panel, right click in the browser and click "inspect element".
Choose tab "Network"
Login into the admin panel with your credentials.
Click ok at the alert of the error and then check into the network tab for the XHR (ajax) request made.
In the response sub-tab you will probably find a PHP exception. Find the cause of the error.
Important:
When a PHP error occurs while ajax request is made, the user token is "lost" so that's why you get logged out. It's not cookie related.
Hope the above helped you.
Related
I'm trying to set up a platform that uses Stripe, and since I need marketplace type of setup I'm using Connect, which does payments and payouts.
I'm testing on local and the redirect URLs I've tried don't seem to work. After registering with Stripe, I'm still taken to their default redirect URI, which says:
Congrats, you're almost done setting up your application! After
connecting with Stripe, your users will be redirected to a page of
your choosing (this is just the default). Make sure to change the test
redirect URI under your application settings to something that makes
sense on your own server (or localhost).
However, I have tried all of these as redirect URIs in my Stripe Connect Dashboard, under the 'testing' option:
http://localhost:8000/test-stripe/connect/default/oauth/test
http://localhost:8000/test-stripe/oauth/callback
http://localhost:8000/test-stripe/
These are supposed to be the URI that Stripe redirects back to on my site, with an added parameter at the end.
Am I missing something? I find their documentation labyrinthine, as you have to click on link after link to get one part of their solution working, and then see if you can find your way back to where you left off. Maybe I missed something along the way.
The test link to Stripe:
<script
src="https://code.jquery.com/jquery-3.4.1.slim.min.js"
integrity="sha256-pasqAKBDmFT4eHoN2ndd6lN370kFiGUFyTiUHWhU7k8="
crossorigin="anonymous"></script>
<h2 style="margin-top:50px;">Testing Stripe...</h2>
{% csrf_token %}
<a id="test-stripe" href="https://connect.stripe.com/express/oauth/authorize?redirect_uri=https://stripe.com/connect/default/oauth/test&client_id=ca_FXp5f7CsYa0ddYm2Jri4zflYuMIPp5wT">stripe</a>
<script>
var token = $("input[name=csrfmiddlewaretoken]").val();
var stripeLink = document.getElementById("test-stripe");
stripeLink.href = stripeLink.href + "&state="+token;
</script>
Thanks in advance for any tips.
Solved. I still had Stripe.com's redirect_uri parameter in the URL - oops.
I made a personal website (http://www.soyoungpark.online) using domain bought from GoDaddy and hosted on AWS s3. I set up everything and thought things were working until I put a simple link to my linkedin profile. When I check the network panel, I see that status code is 200 OK but for the response..there is nothing. The code itself doesn't seem to be problematic; it is simple a with href of the desired link. So I am guessing something could be wrong with my AWS s3 settings? Anyone with similar experience?
It's likely that these services include a header option called "X-Frame" that for security prevents them from being loaded within another site:
The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe> or <object> . Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites. Source: X-Frame-Options
This does look to be the case when attempting to view Linkedin per your example:
Refused to display 'https://www.linkedin.com/in/exampleuser' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
That said, applying a target Attribute to each to open in a new tab or window should allow these outside services to be navigated to.
e.g:
<a href="https://www.linkedin.com/in/exampleuser" target="_blank">
I am having some trouble holding onto session when opening an initial new tab (target _blank) from IE11.
When I close all instances of IE11 and then open a fresh browser and navigate to the test webpage (default.aspx) the page stores a value in session and displays the session ID on the page. If I refresh the page the session ID stays the same. The page has a link to itself (default.aspx) with a target of _blank. If I click this link a new tab is opened, but the session ID is different. If I then refresh the original window the session ID now matches the new window.
<%# Page Language="C#" AutoEventWireup="true" Inherits="System.Web.UI.Page" %>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
</head>
<body>
<% Session["StoredValue"]="Test"; %>
<div>SessionID: <%=Session.SessionID%></div>
New Window
3rd Party Window
</body>
</html>
It appears this problem only occurs for the first window on the same domain opened in a new tab (I have verified the problem with both target="_blank" and by holding CTRL while clicking the link).
When I watch the cookie traffic with Fiddler I can see that the
session cookie is sent normally in the initial request from
default.aspx. When I click the link to open the page in a new tab
the session cookie is not being sent in the request headers.
If I restart the browser, go to the test page, open a new tab
manually and paste the link destination into it the cookie is sent
correctly in the request headers and the session from the new tab
matches the original tab as expected.
If I restart the browser, go to the test page, open google from a
link targeting _blank in the test page, and then click the link
opening the test page in a new tab the cookie is also sent correctly
in the request headers and the session from the new window matches
the original window as expected.
I believe this to be a client side issue but the site is running from Windows Server Standard 2008 R2 SP 1 in a 4.0 Integrated website with .NET 4.51 installed (also tried with only 4.5 installed).
The client is Windows 7 64-bit running IE11 (11.0.9600.16476). I have verified the problem on other machines running Windows 7 from IE11 and confirmed that it is not a problem in IE10 from Windows 8 in desktop mode. Everything works as expected in Chrome and Firefox.
I have verified the problem persists even if I:
Move security from Medium High to Medium
Disable Protected Mode
Change privacy to Accept all Cookies
Add the site to either the Local Intranet or Trusted Sites zone website list
Set a P3P compact privacy policy in the response headers stating no information is collected or used.
Set a P3P compact privacy policy in the response headers that would typically be accepted to allow 3rd party cookies within an iframe in past versions of IE.
Change the website ASP.NET session state settings to cookieless="UseCookies" or "false" or remove the attribute altogether (ASP.NET State Server).
Any ideas? Has anyone else seen this issue or similar?
This is an active bug according to microsoft. There is apparently no server-side way to fix this.
Link to bug report
Not a solution, but a clue:
We noticed similar behavior and tracked it down to requests to root/browserconfig.xml causing user to become unauthenticated. Server sent a new session cookie because Windows was not sending the existing one. Subsequent requests then sent the new session cookie value. We changed our server to look for this request and not set response cookies.
This is not a solution, but:
Try middle click instead. If that works for you 100% of the time(it did for me)
js: links with target='_blank' on ie remove defaultBehaviour and trigger middle click.
Problem solved.
Same issue coming for my login,But we tried it to resolve it by changing some setting in IE11 or other problematic browsers.
Goto tools=> Internet options=> Privacy
There click on Sites button. There add mydomain.com & click on Allow button.
Restart your browser.
I have a Django admin action called "Email selected members". Check some members and click the Go button and the user's mail program is opened. The emails of the selected members have been pre-entered.
This works by a Django HttpResponseRedirect(uri) with the uri being "mailto:email1,email2..
where the addresses email1, email2 ... were looked up on the server.
The only problem is that that the browser re-directs to a blank page as well a opening the client mail program.
Is there any way to avoid this?
-- Peter
This question is a little old, but I just went through this and I think I can help anyone looking for an answer in the future.
I ran into this problem because the website I was building had a built-in tracking system that tracked the URLs of outbound links for self-hosted ads. If I don't redirect, there is no way (without changing the way it was implemented) to track the click, since I'm not using an API or anything.
The easy fix was to do what you did, sending back an HttpResponse() whose content is the meta tag
<meta http-equiv="refresh" content="0;url=mailto:youremail#test.com" />
This causes the page to refresh on load, which triggers the mailto: action.
Now we're left with an open window, but we can't close the window using Javascript's window.close() method. I do believe that this solution should work, however. Call that Javascript function after the refresh has been successful.
Unfortunately, I haven't tested this, but these two methods should accomplish a mailto: redirect that does not leave a blank window/tab behind.
Hope this helps!
Don't use HttpResponseRedirect. Just make the mailto: line a link. Email selected members
I don't think it is possible. RFC 2616 says re 302 redirect:
The temporary URI SHOULD be given by
the Location field in the response.
Unless the request method was HEAD,
the entity of the response SHOULD
contain a short hypertext note with a
hyperlink to the new URI(s)
So the blank page that I see is the (very) short hypertext note. The browser gets the redirect instruction, pops up a temporary page with the redirect message, then retrieves the redirected URL. But with a mailto: URL the temporary page obviously remains.
I am trying to set a loginPage value on a Sitecore site in the web.config. The file referenced in the loginPage is an Sitecore item, so it is not a psycical page on the server. No matter how i reference to it, it doesnot work. I get one of 2 errors (depending on how i refrecen to the file);
The resource cannot be found.
Error executing child request for /sitecore/login. (The path beeing the one i referenced in the web.config)
Any ideas?
The explanatory comment in web.config says that 'loginPage' attribute should be The path to the login page to use. Must point to a physical file or a page in a site that does NOT require login. 'Require login' means denied Read permissions for the Anonymous user. This Anonymous user is the one in the domain specified for this site.
For instance, if you want to have login page set for the 'website' site, you should make sure that extranet\Anonymous has read permission to the item you specified.
Hope this helps.
The loginPage attribute is actually a URL, not an item path. Include the full path with extension -- e.g. /MyAccount/Login.aspx
Try hitting the url in the browser to your login page. If you cannot reach the page itself or if it throws an error in the browser then accessing it in the web.config will not work.
Once you have the login page coming up in the url in the browser using the path yoursite/login or whatever sitecore tree path you have set up. Then add it to the web.config.
Also, in the content tree you can click on security and access viewer for the login item. Then select the anonymous role. If its is a security issue then you will see which role is affecting the security settings for anonymous.
Type this in browser"Url of ur website/Sitecore/showconfig.aspx" .. Here you will get a combination of all the .config files being used. Also, you can just check in fiddler(a software) to see what else you get in response apart from resource can not be found.
Would be nice if you could also paste the settings you applied in the web.config, but this is how I understand the question.
You wanted to create a client user login page, not overriding the Sitecore login page.
If so, you have to ensure that it's under the home item (sitecore> content >home > YOUR_LOGIN_PAGE).
If outside the home item, eg. sitecore> content >YOUR_WEBSITE > YOUR_LOGIN_PAGE then you have to configure that in the sitedefinition.config because that is somehow treated as a new site and not part of the freshly installed Sitecore.
To validate that you have applied it correctly, try accessing the showconfig page on your browser (eg. http://YOUR_WEBSITE/sitecore/admin/showconfig.aspx)
Additional stuffs you might want to double check:
Make sure you were able to publish it on the web database, if not try accessing in the preview mode
Make sure that the item has layout and rendering definition. Otherwise, it won't work.
Make sure you have the right permission, for you to be able to access the page. I would assume you're in the admin role
This issue can be caused by modified setting :
<setting name="RequestErrors.UseServerSideRedirect" value="false" />"
which is false by default.
According to notes in config file If true, Sitecore will use Server.Transfer instead of Response.Redirect. But Server.Transfer is not good option for regular login page redirect because:
ASP.NET does not verify that the current user is authorized to view the resource delivered by the Transfer method.
You can change it in Sitecore.config file
<site name="shell" ... loginPage="yoururl" ... />
<site name="login" ... virtualFolder="/yoururl" ... />
<site name="admin" ... virtualFolder="/yoururl" ... loginPage="/yoururl/login.aspx" />