Magento 1.9. One page checkout not working past address stage

The checkout issue of not being able to proceed past entering the initial address is a real sod to sort out.  There seems to be a variety of possible causes almost all of which leave no easy trail of errors or, in some cases, no errors at all.  I am posting my latest discovery here after migrating a site a new server to find that I was unable to progress past stage 2 of the one-page-checkout process. Spoiler alert: it was the CSP!

So on checking the site after moving to a shiny new server, I click the continue button at the bottom of “billing information” and it does nothing…zip…nada…nowt.

Inspecting the Network activity using the dev-tools I see that saveBilling/  was getting called, and returning a response and getAdditional/ was also being called (empty response but that is fine).

No php errors, no errors in the magento folder, no JS errors thrown. No indication anywhere as to what was wrong. It just would not work.

I checked that any custom phtml layouts for the forms were including the

<?php echo $this->getBlockHtml('formkey') ?>

Which caused many issues after a security patch some time ago but no, this was not it.

Previously I have had similar problems and found that the mbstring php module was either missing or corrupted on the server.  Again these were fine.

I checked seemingly endless code  and template files to the point where no differences were there…same issue.  This lead me to comparing server settings one at a time between the old and new server…

After many hours of despair this is what I found – it seems that you cannot safely use a content-security-policy (CSP) with Magento 1.x  .

As part of the new server setup something akin to this

Header set Content-Security-Policy “default-src ‘self’ *; connect-src ‘self’ *; style-src ‘self’ ‘unsafe-inline’; script-src ‘self’….etc.

had been added to the apache config.  This stops the checkout javascripts from working correctly and kills it….irritatingly silently.

I tried adding the unsafe-inline and unsafe-eval source values (effectively making the CSP pointless in many ways) but still no luck.  Had to disable it.

So even though all the website testing tools say to use a CSP….can’t do it here.  Annoyingly most of the rest of the site seems to work.  *Sigh*

Hope this helps.  If you find this page and it is helpful please leave a comment to let me know or feel free to buy me a beer.

Will be starting work on Magento 2 shortly so that should provide fodder for many new anguish-based posts.


Facebook Comments

2 thoughts on “Magento 1.9. One page checkout not working past address stage”

  1. It’s a pity you don’t have a donate button! I’d without a doubt
    donate to this superb blog! I guess for now i’ll settle
    for book-marking and adding your RSS feed to my Google account.
    I look forward to brand new updates and will share this website with my Facebook group.
    Chat soon!

Leave a Reply

Your email address will not be published. Required fields are marked *

Apply your human brain cells and complete this highly complicated maths problem *