Today I was working in a 3rd party module. Something very simple, an AJAX Add to Cart button. But, when I requested
http://.../ajaxcart/cart/add, I've got a 302 HTTP status, or, a redirect, to the same requested URL, but in secure mode (HTTPS).
After debugging, I could understand that the controller wasn't being called, so I try to find a configuration problem. The Administration Panel was configured to be served on HTTPS (Configuration > General > Web > Secure > ???), and when I've removed this option, everything was working as expected.
Long story short, here is the problem:
<frontend> <routers> <ajaxcart> <use>standard</use> <args> <module>Company_AjaxCart</module> <frontname>ajaxcart</frontname> </args> </routename> </routers> </frontend> <admin> <routers> <ajaxcart> <use>admin</use> <args> <module>Company_AjaxCart</module> <frontname>ajaxcart</frontname> </args> </routename> </routers> </admin>
Did you see that
frontname is the same both for frontend and admin? In this way, every time we call a URL with the pattern
http://.../ajaxcart/*, Magento replies you to redirect to secure mode. When using AJAX, we have to main problems with this:
- Developers don't often worry about HTTP Status codes that aren't 200;
- You have to configure the
Same-Origin Policy, or you'll get
CORSerrors like this:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://.../ajaxcart/cart/add/. This can be fixed by moving the resource to the same domain or enabling CORS.
TL;DR: On every module you develop for Magento which needs controllers in admin and frontend, pay attention and don't use the same