hello David,
could you tell me if there are any problems with using https encryption and feeds, particularly Awin feeds, but in general as well, I have asked Awin and they think there are no problems, I have changed a number of my sites and created new ones using https encryption and the results are prety miserable, I'm just trying to eliminate any problems (if there is one) - Google are pushing https and dropping or diminishing the ranking of sites using http.
Thanks in advance
Philip
Hi David,
Your post was very useful.
However I had a bit of a problem as I forced SSL using Cloudflare without actually installing a SSL certificate. So when going to https://www.example.com/sitemap.php the links would actually show as "http" an not "https". Also I had the same problem with merchant logos, showing as not secure.
I presume this is because my webserver is transmitting the data non securely to Cloudflare who then transmit it using SSL to the end user, and thus pricetapestry can't detect it should be displaying SSL links.
I have temporarily solved this problem by installing a free 90 day SSL certificate. However is there a way to force PriceTapestry to use SSL in Sitemap and merchant logos so I don't have to buy a permanent certificate as it seems unnecessary if using Cloudflare?
And another question, if I setup a global filter to search and replace non SSL images, how much more resources would this use on the server during the import process compared with just setting up individual filters for the few feeds without SSL images? It would be easier to do a global filter in case I miss a feed or two, but I am worried about server resources and import time.
Thanks
Hello Sydney,
For sitemap.php you can manually set the $_SERVER["HTTPS"] variable which will force https:// URLs. To do this, look for the following code at line 2:
require("includes/common.php");...and REPLACE with:
require("includes/common.php");
$_SERVER["HTTPS"] = "on";For merchant logos, the src attribute is output as a relative URL so I assume that Cloudflare is rewriting this into a fully qualified http:// URL. You could try making the fully qualified https:// URL at source - for the Merchant A-Z, edit html/atoz.php and look for the src attribute of the item logo within line 30:
src='<?php print $atoz_item["logo"]; ?>'...and prefix with an https base HREF ending in your domain name for example;
src='https://www.example.com<?php print $atoz_item["logo"]; ?>'And similarly for the price comparison table, edit html/prices.php and look for the src attribute within line 49:
src='<?php print $config_baseHREF."logos/".str_replace(" ","%20",$product["merchant"]).$config_logoExtension; ?>' />...and REPLACE with:
src='https://www.example.com<?php print $config_baseHREF."logos/".str_replace(" ","%20",$product["merchant"]).$config_logoExtension; ?>' />It would be no problem to use a global Search and Replace filter on the Image URL field however do bear in mind that whilst in the majority of cases today wherever a feed contains an http image URL it will work over https, that is not necessarily the case of course...
Cheers,
David.
--
PriceTapestry.com
Hello Philip,
As of 16/10A there is nothing in the script that would require modification for https however prior to this distribution sitemap.php generates http URLs regardless of the request protocol. sitemap.php is fully backwards compatible with 15/09A so if you extract the script from the latest distribution and upload over the top of your existing version your sitemap will return https URLs if requested over https.
If moving a site, the generally accepted best approach seems to be a 301 (Moved Permanently) redirect from the http to https URLs - Google have a guide to changing protocol here;
https://support.google.com/webmasters/answer/6073543?hl=en
If using .htaccess, you can perform the redirect using the following rules;
RewriteCond %{HTTPS} offRewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
It is important for these statements to be the very first rules after the RewriteEngine On line otherwise you can have the situation where you end up redirected to an internal rewrite URL!
The only real consideration regarding feed data and moving to https is that of Image URLs - if they are not https this can result in the browser displaying a "This site is not fully secure!" message or words to that effect - not a good look! In this case there are a couple of options;
- it may be that even where http image URLs are contained in the feed they do in fact work over https, in which case you could change the URL using a Search and Replace filter to change
http://tohttps://. This could be done as a global filter as a temporary experiment forcing all image URLs to https; then go through your Merchant A-Z and see if any are no longer displaying images.- alternatively, if you are not concerned about the bandwidth implications you could use the image caching script in proxy only mode, in which case all images would appear to come from your server and therefore always over https.
Hope this helps!
Cheers,
David.
--
PriceTapestry.com