Hello for all! 
[OXID 6.1.1 EE]
I have small problem with SSL settings and redirections…
My target setting is, to have working OXID shop ONLY on https. Even if i will write address http://www.mydomain.pl, app/server should redirect me to https://…
And now we have few cases:
Case 1 - starndard
$this->sShopURL = 'http://www.mydomain.pl’;
$this->sSSLShopURL= ‘https://www.mydomain.pl’;
$this->sAdminSSLURL= ‘https://www.mydomain.pl/admin’;
$this->blForceSessionStart = false;
Result:
- OXID does not provide me all https addresses.
- Page with “http” can be opened but with errors to extenrnal links to google fonts or icons, etc.
Example of error in browser console:
Access to font at ‘https://www.mydomain.pl/out/xxx/src/css/fonts/fontawesome-webfont.ttf?v=4.7.0’ from origin ‘http://www.mydomain.pl’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
Case 2
$this->sShopURL = ‘https://www.mydomain.pl’;
$this->sSSLShopURL= ‘https://www.mydomain.pl’;
$this->sAdminSSLURL= ‘https://www.mydomain.pl/admin’;
$this->blForceSessionStart = false;
Result:
- It works almost ok but user can still write in browser http://www.mydomain.pl. Page can be opened but with errors to extenrnal links to google fonts or icons, etc.
- In addition i have bug with “white page” redirection while logout button from article view which have set visibility rights in admin panel ({Article}>Rights>Assign User Groups) - i found workaround for this issue by set “sSSLShopURL” to null.
https://bugs.oxid-esales.com/view.php?id=6946
Case 3
Set force redirection on server (apache / in virtualhost).
$this->sShopURL = ‘https://www.mydomain.pl’;
$this->sSSLShopURL= null;
$this->sAdminSSLURL= null;
$this->blForceSessionStart = false;
Result:
- It works in 99,9%.
- But some modules like “CleverReach Connector” require setting like: ‘sSSLShopURL’.
Any suggestion how to find right way to fix it?