Form is not secure. Autofill has been turned off
https://www.bellinigirl.com/
I have had issues with both my url and zen secretadmin pages being not secure for the last few days. I have been reading all through the forum trying to figure it out and I can't. My web developer no longer does this work. I am trying to figure this out on my own. I have been emailing with my hosting company. My hosting company said they have switched my traffic to https and now the padlocks are back on both sites. BUT, Now when i go into admin, catalogs, products, edit and try to type in the description box it says:This form is not secure. Autofill has been turned off. in red. when i try to preview my page I get the same error message I would get when my urls were not secure: The Information you are about to submit is not secure. Could I please get help! :):(
Re: Form is not secure. Autofill has been turned off
My hosting company said
I was able to replicate the issue. From what is currently done the SSL is up and running and all the required SSL redirects are in place. The config file for the site is updated to use the SSL. From what I could research It's because the page is encrypted (HTTPS) and the submit form isn't (HTTP). I have tried a few things but to no avail.
Does anyone know how to encrypt the submit form to HTTPS?
Re: Form is not secure. Autofill has been turned off
Noting that zc151 is very, very old ... but you might try setting (for both the /admin/includes/configure.php and the /includes/configure.php) both the HTTP_SERVER and HTTPS_SERVER settings to use https:// protocol.
I'm guessing that your HTTP_SERVER settings are as define('HTTP_SERVER', 'http://bellinigirl.com') and am suggesting that you change that to define('HTTP_SERVER', 'https://bellinigirl.com);
Remember, too, that the storefront version of that file is going to be marked read-only!
Re: Form is not secure. Autofill has been turned off
Re: Form is not secure. Autofill has been turned off
Thanks - i don't know if the storefront version is marked read only being good or bad ? I apologize for my ignorance.
I do have a secured SSL certificate
I included some snipet of code in my htaccess file through my cpanel that helped stop the additional screen coming up when I click within zencart to "update" or "save" after i edit. but I'm still getting "This form is not secure. Autofill has been turned off" when I try to edit any of the products.
here's the code i added to the top of my htaccess file through cpanel- and saved.
<IfModule mod_headers.c>
Header always set Content-Security-Policy "upgrade-insecure-requests;"
</IfModule>
I'm in the USA, There's a UK Flag icon next to certain boxes within my zencart.(product, product description) And my hosting company thinks that may be an issue?
The hosting co. had emailed the following:
We have verified the mixed content error is not longer showing up. I've checked several search results. Chrome does some background checking to determine if it thinks a form is secure; this can be either SSL or code related. We noticed an insecure image on the page that's not being mentioned scan we did.
It's the language icon next to the form. This might be what is triggering Chrome to flag it as insecure however, we were unable to confirm that. We even tested by overriding the HTML with a secure link and it was fine. Therefore it could be something in how the code is designed. It could also be that there are many http:// links on the page, and these are being upgraded by security policy, though it cannot be verified if they are still considered insecure for sending data.
Bottom line, what else should I do to secure my site so i can get back up and running.
thanks!!!!!!!!!!!!!!!!
Re: Form is not secure. Autofill has been turned off
my hosting company also told me my version of cpanel is cPanel/CentOS 7 server
Re: Form is not secure. Autofill has been turned off
This code is from my public_html/includes/configure.php. I am not certain if this is the "/admin/includes/configure.php" you requested or the "/includes/configure.php". Perhaps you could please tell me how to find the location of both and which one my public_html is...I copied a portion of the code that has http in it. Should I change ALL instances of http to https? Thank you kindly
/**
* @package Configuration Settings circa 1.5.1
* @copyright Copyright 2003-2012 Zen Cart Development Team
* @copyright Portions Copyright 2003 osCommerce
* @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
* File Built by zc_install on 2013-10-09 07:36:35
*/
/*************** NOTE: This file is similar, but DIFFERENT from the "admin" version of configure.php. ***********/
/*************** The 2 files should be kept separate and not used to overwrite each other. ***********/
// Define the webserver and path parameters
// HTTP_SERVER is your Main webserver: eg-http://www.your_domain.com
// HTTPS_SERVER is your Secure webserver: eg-https://www.your_domain.com
define('HTTP_SERVER', 'http://bellinigirl.com');
define('HTTPS_SERVER', 'https://bellinigirl.com');
// Use secure webserver for checkout procedure?
define('ENABLE_SSL', 'true');
// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
// * DIR_WS_* = Webserver directories (virtual/URL)
// these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
define('DIR_WS_CATALOG', '/');
define('DIR_WS_HTTPS_CATALOG', '/');
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
define('DIR_WS_DOWNLOAD_PUBLIC', DIR_WS_CATALOG . 'pub/');
define('DIR_WS_TEMPLATES', DIR_WS_INCLUDES . 'templates/');
define('DIR_WS_PHPBB', '/');
Re: Form is not secure. Autofill has been turned off
Re: Form is not secure. Autofill has been turned off
where might i find that file HTTP_SERVER?
Re: Form is not secure. Autofill has been turned off
Quote:
Originally Posted by
lat9
Noting that zc151 is very, very old ... but you might try setting (for both the /admin/includes/configure.php and the /includes/configure.php) both the HTTP_SERVER and HTTPS_SERVER settings to use https:// protocol.
I'm guessing that your HTTP_SERVER settings are as define('HTTP_SERVER', 'http://bellinigirl.com') and am suggesting that you change that to define('HTTP_SERVER', 'https://bellinigirl.com);
Remember, too, that the storefront version of that file is going to be marked read-only!
i am sorry. i think i've really confused myself. I believe what you are saying is to add an "s" right after 'http to the FIRST line that reads...define('HTTP_SERVER', 'http://bellinigirl.com'); so that both HTTP servers have an "s" after http?
define('HTTP_SERVER', 'http://bellinigirl.com');
define('HTTPS_SERVER', 'https://bellinigirl.com');
// Define the webserver and path parameters
// HTTP_SERVER is your Main webserver: eg-http://www.your_domain.com
// HTTPS_SERVER is your Secure webserver: eg-https://www.your_domain.com
define('HTTP_SERVER', 'http://bellinigirl.com');
define('HTTPS_SERVER', 'https://bellinigirl.com');
Re: Form is not secure. Autofill has been turned off
Right, both HTTP_SERVER definition (admin and storefront) should read:
Code:
define('HTTP_SERVER', 'https://bellinigirl.com');
Re: Form is not secure. Autofill has been turned off
Quote:
Originally Posted by
swguy
could I pay someone to do this for me? I can't find both /admin/includes/configure.php and the /includes/configure.php) I can only locate one file that follows includes/configure.php and it's from following this from my cpanel:
public_html/includes/configure.php.
is this the file I am to add the new coding?
2 Attachment(s)
Re: Form is not secure. Autofill has been turned off
Quote:
Originally Posted by
lat9
Right, both HTTP_SERVER definition (admin and storefront) should read:
Code:
define('HTTP_SERVER', 'https://bellinigirl.com');
I would like to confirm the two locations where I am to change before I change it.
The instructions say to change both the /includes/configure.php and /YOURADMIN/includes/configure.php.
and I THINK I found them but not sure so I want to paste screenshots of the file path in my cpanel and hopefully get feedback from you very smart people before i do it.:smile:
Attachment 19846
Attachment 19847
Hopefully you can see these.
Re: Form is not secure. Autofill has been turned off
Quote:
Originally Posted by
peachi
I would like to confirm the two locations where I am to change before I change it.
The instructions say to change both the /includes/configure.php and /YOURADMIN/includes/configure.php.
and I THINK I found them but not sure so I want to paste screenshots of the file path in my cpanel and hopefully get feedback from you very smart people before i do it.:smile:
Attachment 19846
Attachment 19847
Hopefully you can see these.
You found them! Now, also change the name (if you didn't already) of your secretadmin!
Re: Form is not secure. Autofill has been turned off
Quote:
Originally Posted by
peachi
I would like to confirm the two locations where I am to change before I change it.
The instructions say to change both the /includes/configure.php and /YOURADMIN/includes/configure.php.
and I THINK I found them but not sure so I want to paste screenshots of the file path in my cpanel and hopefully get feedback from you very smart people before i do it.:smile:
Attachment 19846
Attachment 19847
Hopefully you can see these.
Quote:
Originally Posted by
lat9
You found them! Now, also change the name (if you didn't already) of your secretadmin!
yay! oh! i have to change the name of my secret admin to YOURADMIN?
Re: Form is not secure. Autofill has been turned off
No - that's just an example. You will need to create a new name for secretadmin. Any string of digits and letters will do.
Re: Form is not secure. Autofill has been turned off
Quote:
Originally Posted by
swguy
No - that's just an example. You will need to create a new name for secretadmin. Any string of digits and letters will do.
ok thank you i will do that
Re: Form is not secure. Autofill has been turned off
Quote:
Originally Posted by
swguy
No - that's just an example. You will need to create a new name for secretadmin. Any string of digits and letters will do.
oh i was not able to change the name of "secretadmin" . There is no rename file options. hmmm
Re: Form is not secure. Autofill has been turned off
Quote:
Originally Posted by
lat9
noting that zc151 is very, very old ... But you might try setting (for both the /admin/includes/configure.php and the /includes/configure.php) both the http_server and https_server settings to use https:// protocol.
I'm guessing that your http_server settings are as define('http_server', 'http://bellinigirl.com') and am suggesting that you change that to define('http_server', 'https://bellinigirl.com);
remember, too, that the storefront version of that file is going to be marked read-only!
it worked!!!! It worked !! It worked! Thank you thank you thank you!!!!
Re: Form is not secure. Autofill has been turned off
Quote:
Originally Posted by
peachi
it worked!!!! It worked !! It worked! Thank you thank you thank you!!!!
:clap:Woo-hoo! You're very welcome.
Re: Form is not secure. Autofill has been turned off
Quote:
Originally Posted by
swguy
No - that's just an example. You will need to create a new name for secretadmin. Any string of digits and letters will do.
I successfully changed both files and added an "s" and IT WORKED IT WORKED!!!!!!! THANK YOU!!! like i said i was not able to change secretadmin but i was able to fix the errors that were coming up in Red saying "This form is insecure. Auto-fill has been turned off". Yay!!!!!!!!
Re: Form is not secure. Autofill has been turned off
Changing secretadmin in post 1.5 versions of Zen Cart is just a matter of renaming the folder from the old name to a new name (a string of random digits and numbers). Try it again. Your FTP client or File Manager in cPanel both allow renaming with a right click.
