External Redirect Deprecated

  • Resolved Gabor Lippert

    (@lunule)


    3 years, 1 month ago

    There was another thread started to get help with this problem, but that thread has been closed without an actual solution.

    Problem description:

    The following notice is displayed on the wp-admin/admin.php?page=wc-settings&tab=products&section=downloadable page when the saved dropdown value is Redirect only (insecure):

    Your store is configured to serve digital products using “Redirect only” method. This method is deprecated, please switch to a different method instead.
    If you use a remote server for downloadable files (such as Google Drive, Dropbox, Amazon S3), you may optionally wish to “allow using redirects as a last resort”. Enabling that and/or selecting any of the other options will make this notice go away.

    BUT – if the downloadable product link is a direct download link pointing to a OneDrive folder, the only File Download Method that actually works is above-mentioned redirect-only method.

    Both the other methods result in the filename and extension getting lost – as a result, the customer sees that something started to download, and this something is a suspicious, no-name, no-extension package.

    In the other, already-closed thread the official WC support info was the following:

    Apologies that the notice made things confusing. We’ll update it in the next release.

    And this is a 1 year 7 months old reply, and the notice is still there.

    So – can you help me with updated information about what is the official WooCommerce plan with this method and the notice?

    If there’s a risk that the method will be completely removed later, what alternative solution do you recommend?

    Or will there be a specific list WooCommerce shop owners and developers will be forced to use because storage services not being part of this list can’t practically be used as storage servers for downloadable products?

    Thanks in advance for your help.

    • This topic was modified 3 years, 1 month ago by Gabor Lippert. Reason: correction of the problem description
    • This topic was modified 3 years, 1 month ago by Gabor Lippert. Reason: correction of the problem description
Viewing 5 replies - 1 through 5 (of 5 total)
  • Mirko P.

    (@rainfallnixfig)

    Hi @lunule,

    Your store is configured to serve digital products using “Redirect only” method. This method is deprecated, please switch to a different method instead.

    I remember having the same warning message with old WooCommerce versions, but it’s no longer displayed with the latest version (5.8.0). Have you already updated and checked if you still see the warning?

    You’ll notice that the Redirect Only method is labeled as “insecure.” To clarify, it’s insecure because it makes it so that anyone with the file URL for a download associated with a product can use that URL to access that file even if they haven’t purchased the product that grants them access.

    The other methods do a better job of preventing this. In that case, you might want to use a download manager to add a level of security and try some of these: https://www.ads-software.com/plugins/search/download+manager/.

    Thanks.

    Thread Starter Gabor Lippert

    (@lunule)

    Hi Mirko,

    We use WooCommerce 5.8.0, and the message is there, it’s displayed at the top of the WC Settings page.

    Also, I know why this method is labeled “insecure” – but, as the other user submitting this issue earlier stated, this is the only method that works with direct download links.

    If we changed to another download method, we would have two options, both leading to some download or user experience problems:

    Option 1: we keep the direct download links. Result: the download file loses its name and extension, and becomes a very suspicious, malware-like download something.

    Option 2: we change the direct download links to the official share links – but these link versions point to preview pages actually, which is a huge user experience issue because neither Google Drive nor Microsoft’s OneDrive can generate previews from large files such as videos. Result: the user who wants to download her product, gets redirected to a preview page where there’s no preview. Totally confusing.

    That’s why we can’t change – changing the download method would lead to tons of missed sales opportunities and huge conversion problems.

    Currently, we still can use the method labeled “insecure”, and, as this is the only method that actually works with large files and direct download links, we intend to keep this setting.

    That’s why my question is still the same: do you (or anyone else in the team) have official information about the WooCommerce plans regarding this method? Deprecated features are usually labeled deprecated because there’s a plan to remove them or replace them with something else. And, if there’s a risk that we lose this only functional download method, we would rather look for another e-commerce solution in this early phase of the site development.

    Thanks,
    Gabor

    Mike W

    (@nixiack8)

    Hi @lunule,

    Thank you for the detailed replies here! 

    That’s why we can’t change – changing the download method would lead to tons of missed sales opportunities and huge conversion problems.

Currently, we still can use the method labeled “insecure”, and, as this is the only method that actually works with large files and direct download links, we intend to keep this setting.

That’s why my question is still the same: do you (or anyone else in the team) have official information about the WooCommerce plans regarding this method?

    When dealing with secure/not secure links, it is usually up to the Host/server how it is allowed to be done – most of the time the ‘insecure’ method does work as the secure options require some more work server side. The most up to date docs do cover this:

    https://woocommerce.com/document/digital-downloadable-product-handling/

    This is where some plugins can come in handy, such as the Download Manager: https://www.ads-software.com/plugins/search/download+manager/ which was suggested earlier. Another is the Amazon S3 storage area: https://woocommerce.com/products/amazon-s3-storage/

    Hope this helps!

    Thread Starter Gabor Lippert

    (@lunule)

    Hi Mike,

    Thanks for your reply – I think we keep using the OneDrive solution with the insecure link option as far as WooCommerce allows us to do so.

    And, in case the insecure link option gets removed by the WooCommerce dev team, the Amazon S3 solution you recommend can be a good alternative.

    Mirko P.

    (@rainfallnixfig)

    Hi @lunule,

    That sounds like a plan! Regarding the deprecation message, you won’t have to worry when files are hosted on third-party services like One Drive, the redirect is only being deprecated when files are hosted on the same server.

    Feel free to create a new topic if you need assistance with anything else.

    Cheers.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘External Redirect Deprecated’ is closed to new replies.