HTTPS

Sana Commerce 9.0
Your connector

Partial HTTPS

Sana Commerce can also be configured so that a part of the webstore runs via HTTPS. There is a set of preconfigured rules for all webstore pages. These rules for partial HTTPS can be changed in the 'partial-ssl.config' file in the Sana Commerce frontend directory.

To configure partial HTTPS for your webstore:

Step 1: Open the 'web.config' file of the Sana Commerce frontend.

Step 2: Locate the following line:

<ssl mode="Off" partialConfigPath="partial-ssl.config" bypassWarning="true" />

Step 3: Change SSL mode to 'Partial'.

With the 'Partial' SSL mode the part of the webstore will run via HTTPS. The rules that are configured in the 'partial-ssl.config' file of the Sana Commerce frontend will determine the webstore behavior. The rules specified in the 'partial-ssl.config' file are used only for partial HTTPS and can be changed.

This file contains all webstore pages grouped by its relationship. For example, all pages which send sensitive data over the Internet, like 'Login', 'Change password', 'Create account', 'Forgot password', all checkout and profile pages are allocated in the 'Profile' and 'Checkout' groups and by default always run via HTTPS.

All content and catalog pages are allocated in the 'Content' and 'Catalog' groups and by default always run via HTTP.

There is also the 'System' group that contains different system pages and directories. The 'Optional' security mode is set for this group of pages and directories. This means that pages of this group can be opened via HTTP as well as HTTPS.

For each group of pages a security mode is set (the value of the 'secure' attribute). There are three of them:

Security mode Description
Always If the value of the 'secure' attribute is set to 'Always', all pages determined in this group will always open via HTTPS.
Never If the value of the 'secure' attribute is set to 'Never', all pages determined in this group will always open via HTTP.
Optional If the value of the 'secure' attribute is set to 'Optional', all pages determined in this group can be opened via HTTP as well as HTTPS.

You can change the security mode for any group of pages as well as change the position of pages within the groups or create another group of pages with an appropriate security mode.
 
The configured rules for pages and directories use either route or path. If path is used it can contain a wildcard ('*') character. Route has higher priority than path.