HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
How to Use Vanilla with SSL
I embeded Vanilla to a WordPress site, and I just recently added SSL to that site. But now, when I visit the page that I have Vanilla embeded on it is blank and does not show the login fields. What do you think the problem is? How can I regain access to my Vanilla installation and how can I ensure that it is compatible with SSL?
Thanks in advance for your attention to this matter!
0
Comments
You will need to make a few changes to the vanilla htaccess file and /or add a configuration in the config.php to get Vanilla under ssl . This thread is long but near the end there is a more modern explanation of how to do it. Not sure if this has anything to do with not seeing your login fields. You should inspect the source code to see if they are there but being hidden somehow. Does this happen with the popup or also the sign in page?
Remember that the url for the forum under ssl will have to be also coming from an encrypted source or the browser will block the content as being unsafe. All the content you post in the WP encrypted site needs to also come from encrypted site or it will be blocked and you will see a blank page. Inspecting the source will confirm this as there will be a warning and a notice that the content was blocked. This is a browser setting as well that you can disable by allowing unsafe content. This blocking does not happen on Safari on the mac.
http://vanillaforums.org/discussion/10572/enabling-ssl-in-vanilla-2/p4
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
Hi @vrijvlinder!
Thanks for the quick reply. I reviewed the link you provided and I did as was instructed there. I added this to my config.php file:
$Configuration['Garden']['AllowSSL'] = TRUE;And I added this to my .htaccess:
# Modified # If you modify this file then change the above line to: # Modified <IfModule mod_rewrite.c> RewriteEngine On # Certain hosts may require the following line. # If vanilla is in a subfolder then you need to specify it after the /. # (ex. You put Vanilla in /forum so change the next line to: RewriteBase /forum) RewriteBase /forum RewriteCond %{HTTPS} !=on RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] </IfModule>But unfortunately, it's still not working. I'm still getting a blank page. I have my forum restricted so that you have to login to view the discussions. I didn't have the login popup. It was just a page with the login fields on the page. But now the login fields aren't showing at all.
Just so you're aware of the environment I'm working in, I have Vanilla installed on mysite.com/forum, but then I set up Vanilla to redirect mysite.com/forum to my WordPress page where I embeded Vanilla on - mysite.com/forumname. When I go to mysite.com/forum I can see the login fields on the Vanilla theme for a few seconds. Then it redirects to mysite.com/forumname and the page is blank. It shows my WordPress theme, header, footer, etc., but the content section where the login fields use to show is now blank.
Do you have any other suggestions or any other ideas as to what may be the issue here?
Thanks!
You can try the force ssl true . I was not aware this also happens in WP when under ssl, This is a known issue with embedding in Facebook. according to @Lincoln they no longer support embedding in Facebook , but never mentioned about WP.
Maybe he has more of an idea of what to do about this.
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
Ok, I'll wait to see what @Lincoln has to say. In the meantime, what do you mean by "You can try the force ssl true." What does this mean and how do I do it?
Thanks, again!
Is this a plugin I should install?
http://vanillaforums.org/addon/514-sslcontrollers
no the configuration instead of allow. In theory it should force all outgoing links to be ssl only.
$Configuration['Garden']['ForceSSL'] = TRUE;
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
I enabled the SSL Controllers plugins by uploading the files to the plugins folder and then adding this to the config.php file:
$Configuration['EnabledPlugins']['SSLControllers'] = TRUE;But the issue still persisted. It was still drawing a blank page with no login fields on mysite.com/forumname.
So then, leaving that plugin enabled, I disabled the the remote url with embed Vanilla by commenting out this line in the config.php file:
$Configuration['Plugins']['EmbedVanilla']['RemoteUrl'] = 'https://mysite.com/forumname/';Then I was able to login by accessing this page - mysite.com/forum. I was able to view and interact with my forum using SSL with seemingly no problem. However, when I reenabled the remote url, it again drew a blank page. It appears that using the remote url with the embed Vanilla plugin is the problem. Any idea what can be done to fix it?
Also, please note that I am not using the WordPress Embed Forum plugin. I just inserted the Forum Code into the WordPress page where I want the forum to show up.
If anyone could offer any assistance here I would greatly appreciate it.
Thanks!
@vrijvlinder
I just changed the allow to force in the config.php, and then enabled the remote url and it still shows a blank page instead of showing the forum.
Please advise.
It shows a blank page becuase of mixed content.
You have to make a change to the embed script. Are using plugins/embedvanilla/remote.js? Or the the core one?
It is basically a case of changing the http to https in the script.
grep is your friend.
@x00
You're a genius! That worked! Thank you! I am using embedvanilla and I changed http to https.
I would like to thank you @HCE for your diligence in this matter and @x00 for handing the missing link.
I was helping Dave Matson with his embed in facebook but even after the changes in config and the htaccess still showed blank page.
Just now, I changed all the http to https in the embedvanilla plugin and had him overwrite his folder with it. Now the forum shows on all browsers and the links all go to https in a facebook embed.
The only issue will be things you add that contain http like images and embedded objects inside the theme. But by changing the source url to https the page loads the object without a problem.
Thanks !!
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
Here is a copy of the embedvanilla plugin modified to work with ssl
when you copy paste the script into facebook or WP under ssl change the url of the script to https also.
steps:
1.$Configuration['Garden']['ForceSSL'] = TRUE;
2.Change the embedvanilla plugin so all http are https or use the copy I enclosed.
3.Copy Paste the embed script from the Dashboard to where you want to embed it.
4.Enable the embedvanilla plugin
I was able to recreate this so I know it works now.
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
Quick question: I believe I read somewhere not to change the http on line 37...
host = host.replace('http://', '').replace('https://', '');...But to change it everywhere else. Is that right? I changed http to https everywhere else in the remote.js file EXCEPT on line 37, and it works. But it also works with changing the http to https on line 37. Is it better to change that line or does it not matter?
I changed it everywhere. To make sure. If it works without it changed that is fine too.
What matters is that it works in my opinion.
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
I disagree, change where it make sense. In fact the best thing to do it put some logic to detect the scheme.
If the code above is is properly understood and I don't think it is difficult to understand, then you can see it doesn't need to be changed. It is replacing the whole scheme with nothing.
You want to change it where, there is an actual url which a scheme.
grep is your friend.
Hello,
I went all the steps above, but suddenly discovered that I don't have the embedvanilla plugin installed. Instead I'm using the vanilla 2.1 core embed!
Don't really know which files should be changed from http to https?
Yes, those files are now in the js folder of your forum. embed.js and possibly the other js files that say embed but I have not tested with changing those, only the embed.js
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
I did change embed.js and embed_local.js, but still blank page!
ok then I suggest you try using the embed vanilla plugin and see if that works for you, I know it works because I helped someone set it up but with the plugin not the core embed
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
This didn't work