cancel
Showing results for 
Search instead for 
Did you mean: 

using app/etc/config.xml to secure specific pages

using app/etc/config.xml to secure specific pages

I can force all page elements to utilise https by placing this code in the app/etc/config.xml:

 

<frontend>
<secure_url>
<all>/</all>
</secure_url>
</frontend>

 

But I only want the login, create account, cart, checkout and contact page to be secure.

 

If I use something like this:

<frontend>
<secure_url>
<checkout_cart>/checkout/cart</checkout_cart> 
</secure_url>
</frontend>

 

It doesnt work - The page uses https but isnt fully secure as there are unsecure elements on the page.

1 REPLY

Re: using app/etc/config.xml to secure specific pages

Hi there.

 

You can acheive most of what you are after by changing some settings in the admin area. As long as your secure url is set correctly in system configuration and you have turned on "use secure urls in the frontend", your checkout, login and register pages would forward to https.

 

Now as for your contacts page; this is a bit more trickey to do out of the box and would require a custom rule outside of the system configuration but at this point my question is why not just make your entire site run under https? It is now considered best practice and is looked favourably on by google. There are some things to consider if decidiing to do that though.

 

Regards,

Andy

Problem solved? Click Accept as Solution!
www.iwebsolutions.co.uk | Magento Small Business Partner