The checkout issue of not being able to proceed past entering the initial address is a real sod to sort out. There seems to be a variety of possible causes almost all of which leave no easy trail of errors or, in some cases, no errors at all. I am posting my latest discovery here after migrating a site a new server to find that I was unable to progress past stage 2 of the one-page-checkout process. Spoiler alert: it was the CSP!
So on checking the site after moving to a shiny new server, I click the continue button at the bottom of “billing information” and it does nothing…zip…nada…nowt.
Inspecting the Network activity using the dev-tools I see that saveBilling/ was getting called, and returning a response and getAdditional/ was also being called (empty response but that is fine).
No php errors, no errors in the magento folder, no JS errors thrown. No indication anywhere as to what was wrong. It just would not work.
I checked that any custom phtml layouts for the forms were including the
<?php echo $this->getBlockHtml('formkey') ?>
Which caused many issues after a security patch some time ago but no, this was not it.
Previously I have had similar problems and found that the mbstring php module was either missing or corrupted on the server. Again these were fine.
I checked seemingly endless code and template files to the point where no differences were there…same issue. This lead me to comparing server settings one at a time between the old and new server…
After many hours of despair this is what I found – it seems that you cannot safely use a content-security-policy (CSP) with Magento 1.x .
As part of the new server setup something akin to this
Header set Content-Security-Policy “default-src ‘self’ *.google.com; connect-src ‘self’ *.google.com; style-src ‘self’ ‘unsafe-inline’; script-src ‘self’….etc.
I tried adding the unsafe-inline and unsafe-eval source values (effectively making the CSP pointless in many ways) but still no luck. Had to disable it.
So even though all the website testing tools say to use a CSP….can’t do it here. Annoyingly most of the rest of the site seems to work. *Sigh*
Hope this helps. If you find this page and it is helpful please leave a comment to let me know or feel free to buy me a beer.
Will be starting work on Magento 2 shortly so that should provide fodder for many new anguish-based posts.