We want to make your Shop safer and faster. If you have integrated your Spreadshops with Javascript, you will no longer be able to have access through the HTTP protocol. Access to your Shop will need to be established through HTTPS.
Why are we switching to HTTPS?
We want to make our entire platform more secure while improving the loading times of your Spreadshop. We’ll achieve this by adding all Spreadshirt and Spreadshop domains to the so-called “HSTS preload list“. This concerns your Shop as it is run on a Spreadshirt domain.
It’s going to get that little bit technical when explaining why we are doing this. Apologies! We’ve been redirecting website requests on our own servers from HTTP to HTTPS in the past. For technical reasons, we had to include a CORS-Header while redirecting HTTP to HTTPS on the server. This was necessary to make Javascript work in integrated shops. The CORS headers won’t be available anymore after the switch, meaning all Shops integrated with Javascript that use HTTP will no longer function properly.
This is why it is necessary that all Shops integrated with Javascript change their protocol from HTTP to HTTPS.
What do I have to do?
If you’ve integrated your Shop in your WordPress website by means of a the Spreadshop plugin, all you need to do is update the plugin. If you’ve integrated your Shop with Javascript, simply replace the old code with the new one directly on your website:
Old code:
<p> <script type="94b6ffd88c5658e95d03a9ec-text/javascript"> var spread_shop_config = { shopName: 'SpreadShop', locale: 'us_US', prefix: '//shop.spreadshirt.com', baseId: 'myShop' }; </script> </p> <p> <script type="94b6ffd88c5658e95d03a9ec-text/javascript" src="//shop.spreadshirt.com/shopfiles/shopclient/shopclient.nocache.js"></script> </p>
New code:
<p> <script type="94b6ffd88c5658e95d03a9ec-text/javascript"> var spread_shop_config = { shopName: 'SpreadShop', locale: 'us_US', prefix: 'https://shop.spreadshirt.com', baseId: 'myShop' }; </script> </p> <p> <script type="94b6ffd88c5658e95d03a9ec-text/javascript" src="https://shop.spreadshirt.com/shopfiles/shopclient/shopclient.nocache.js"></script> </p>
This is easy
All you need to do is add an “https:” in front of the Shop URL to set up your Shop for the future. Please note that there are two places where “https:” needs to be added:
- the prefix and
- the embedded script.
As of January 1st, 2021 we’ll start adding all Spreadshirt domains to the HSTS preload list. Once included, Spreadshirt domains will only respond to HTTPS. This will spell an end to old HTTP integrations – they’ll get deactivated. Shops integrated with Javascript will then no longer be accessible.
If you have questions about the topic, leave us a comment.