Page 1 of 3 123 LastLast
Results 1 to 10 of 22
  1. #1
    Join Date
    Feb 2012
    Posts
    16
    Plugin Contributions
    0

    Default Form is not secure. Autofill has been turned off

    https://www.bellinigirl.com/

    I have had issues with both my url and zen secretadmin pages being not secure for the last few days. I have been reading all through the forum trying to figure it out and I can't. My web developer no longer does this work. I am trying to figure this out on my own. I have been emailing with my hosting company. My hosting company said they have switched my traffic to https and now the padlocks are back on both sites. BUT, Now when i go into admin, catalogs, products, edit and try to type in the description box it says:This form is not secure. Autofill has been turned off. in red. when i try to preview my page I get the same error message I would get when my urls were not secure: The Information you are about to submit is not secure. Could I please get help! :)

  2. #2
    Join Date
    Feb 2012
    Posts
    16
    Plugin Contributions
    0

    Default Re: Form is not secure. Autofill has been turned off

    My hosting company said
    I was able to replicate the issue. From what is currently done the SSL is up and running and all the required SSL redirects are in place. The config file for the site is updated to use the SSL. From what I could research It's because the page is encrypted (HTTPS) and the submit form isn't (HTTP). I have tried a few things but to no avail.

    Does anyone know how to encrypt the submit form to HTTPS?

  3. #3
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    10,816
    Plugin Contributions
    80

    Default Re: Form is not secure. Autofill has been turned off

    Noting that zc151 is very, very old ... but you might try setting (for both the /admin/includes/configure.php and the /includes/configure.php) both the HTTP_SERVER and HTTPS_SERVER settings to use https:// protocol.

    I'm guessing that your HTTP_SERVER settings are as define('HTTP_SERVER', 'http://bellinigirl.com') and am suggesting that you change that to define('HTTP_SERVER', 'https://bellinigirl.com);

    Remember, too, that the storefront version of that file is going to be marked read-only!

  4. #4
    Join Date
    Feb 2006
    Location
    Tampa Bay, Florida
    Posts
    8,216
    Plugin Contributions
    111

    Default Re: Form is not secure. Autofill has been turned off

    That Software Guy. My Store: Zen Cart Modifications
    Available for hire - See my ad in Services
    Plugin Moderator, Documentation Curator, Chief Cook and Bottle-Washer.
    Do you benefit from Zen Cart? Then please support the project.

  5. #5
    Join Date
    Feb 2012
    Posts
    16
    Plugin Contributions
    0

    Default Re: Form is not secure. Autofill has been turned off

    Thanks - i don't know if the storefront version is marked read only being good or bad ? I apologize for my ignorance.

    I do have a secured SSL certificate

    I included some snipet of code in my htaccess file through my cpanel that helped stop the additional screen coming up when I click within zencart to "update" or "save" after i edit. but I'm still getting "This form is not secure. Autofill has been turned off" when I try to edit any of the products.

    here's the code i added to the top of my htaccess file through cpanel- and saved.

    <IfModule mod_headers.c>
    Header always set Content-Security-Policy "upgrade-insecure-requests;"
    </IfModule>

    I'm in the USA, There's a UK Flag icon next to certain boxes within my zencart.(product, product description) And my hosting company thinks that may be an issue?

    The hosting co. had emailed the following:

    We have verified the mixed content error is not longer showing up. I've checked several search results. Chrome does some background checking to determine if it thinks a form is secure; this can be either SSL or code related. We noticed an insecure image on the page that's not being mentioned scan we did.



    It's the language icon next to the form. This might be what is triggering Chrome to flag it as insecure however, we were unable to confirm that. We even tested by overriding the HTML with a secure link and it was fine. Therefore it could be something in how the code is designed. It could also be that there are many http:// links on the page, and these are being upgraded by security policy, though it cannot be verified if they are still considered insecure for sending data.

    Bottom line, what else should I do to secure my site so i can get back up and running.
    thanks!!!!!!!!!!!!!!!!

  6. #6
    Join Date
    Feb 2012
    Posts
    16
    Plugin Contributions
    0

    Default Re: Form is not secure. Autofill has been turned off

    my hosting company also told me my version of cpanel is cPanel/CentOS 7 server

  7. #7
    Join Date
    Feb 2012
    Posts
    16
    Plugin Contributions
    0

    Default Re: Form is not secure. Autofill has been turned off

    This code is from my public_html/includes/configure.php. I am not certain if this is the "/admin/includes/configure.php" you requested or the "/includes/configure.php". Perhaps you could please tell me how to find the location of both and which one my public_html is...I copied a portion of the code that has http in it. Should I change ALL instances of http to https? Thank you kindly

    /**
    * @package Configuration Settings circa 1.5.1
    * @copyright Copyright 2003-2012 Zen Cart Development Team
    * @copyright Portions Copyright 2003 osCommerce
    * @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
    * File Built by zc_install on 2013-10-09 07:36:35
    */


    /*************** NOTE: This file is similar, but DIFFERENT from the "admin" version of configure.php. ***********/
    /*************** The 2 files should be kept separate and not used to overwrite each other. ***********/

    // Define the webserver and path parameters
    // HTTP_SERVER is your Main webserver: eg-http://www.your_domain.com
    // HTTPS_SERVER is your Secure webserver: eg-https://www.your_domain.com
    define('HTTP_SERVER', 'http://bellinigirl.com');
    define('HTTPS_SERVER', 'https://bellinigirl.com');

    // Use secure webserver for checkout procedure?
    define('ENABLE_SSL', 'true');

    // NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
    // * DIR_WS_* = Webserver directories (virtual/URL)
    // these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
    define('DIR_WS_CATALOG', '/');
    define('DIR_WS_HTTPS_CATALOG', '/');

    define('DIR_WS_IMAGES', 'images/');
    define('DIR_WS_INCLUDES', 'includes/');
    define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
    define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
    define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
    define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
    define('DIR_WS_DOWNLOAD_PUBLIC', DIR_WS_CATALOG . 'pub/');
    define('DIR_WS_TEMPLATES', DIR_WS_INCLUDES . 'templates/');

    define('DIR_WS_PHPBB', '/');

  8. #8
    Join Date
    Feb 2012
    Posts
    16
    Plugin Contributions
    0

    Default Re: Form is not secure. Autofill has been turned off

    thank you

  9. #9
    Join Date
    Feb 2012
    Posts
    16
    Plugin Contributions
    0

    Default Re: Form is not secure. Autofill has been turned off

    where might i find that file HTTP_SERVER?

  10. #10
    Join Date
    Feb 2012
    Posts
    16
    Plugin Contributions
    0

    Default Re: Form is not secure. Autofill has been turned off

    Quote Originally Posted by lat9 View Post
    Noting that zc151 is very, very old ... but you might try setting (for both the /admin/includes/configure.php and the /includes/configure.php) both the HTTP_SERVER and HTTPS_SERVER settings to use https:// protocol.

    I'm guessing that your HTTP_SERVER settings are as define('HTTP_SERVER', 'http://bellinigirl.com') and am suggesting that you change that to define('HTTP_SERVER', 'https://bellinigirl.com);

    Remember, too, that the storefront version of that file is going to be marked read-only!
    i am sorry. i think i've really confused myself. I believe what you are saying is to add an "s" right after 'http to the FIRST line that reads...define('HTTP_SERVER', 'http://bellinigirl.com'); so that both HTTP servers have an "s" after http?


    define('HTTP_SERVER', 'http://bellinigirl.com');
    define('HTTPS_SERVER', 'https://bellinigirl.com');

    // Define the webserver and path parameters
    // HTTP_SERVER is your Main webserver: eg-http://www.your_domain.com
    // HTTPS_SERVER is your Secure webserver: eg-https://www.your_domain.com
    define('HTTP_SERVER', 'http://bellinigirl.com');
    define('HTTPS_SERVER', 'https://bellinigirl.com');

 

 
Page 1 of 3 123 LastLast

Similar Threads

  1. Replies: 6
    Last Post: 28 Apr 2021, 11:13 PM
  2. Replies: 4
    Last Post: 20 Oct 2013, 07:27 AM
  3. Replies: 9
    Last Post: 11 Mar 2012, 05:38 AM
  4. Column Boxes, onces turned off cannot be turned on
    By nibblebot in forum Basic Configuration
    Replies: 1
    Last Post: 17 Jun 2009, 07:23 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR