Firefox SSL security warning

[ironwoodknives]

Wrong...it is now 2009 and guess what? ITS BACK

Yes this is a FF issue,
however there has already been a fix put out,
and net has it in place, No more errors

[need_help]

As an addition to this thread, the "add this to my cart" button brings up this FireFox notification when it is clicked from a secure page.

I've added a few direct links to products from my home page, so after someone logs in, they might click one of these links, view the product on a secure page, click the "add this to my cart" button, and get the warning notice. Not very reassuring...

I have seen this issue and it should be fixed.

[need_help]

This is an issue i have found.

I am using the login/create account sidebox module from the downloads section.

View a product and then return to the main page. Login from the main page and you then get returned to the last product you were viewing. Now click add to cart and the product info page turns into an https one and you get the error message "Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.

Are you sure you want to continue sending this information"?

Real bad and possibly related to the easy login sidebox i have installed.

[Ajeh]

Try this ...

Go to a Product ...

Look at your URL and login with the sidebox ...

Look at the URL ... is it secure?

If so, what is happening is attempting a submit from a secure page to a non-secure page which will trigger the this ...

You will notice the same error if you try to use anything with a submit ...

Without re-writting the code, you will continue to get this as it is a normal action from secure to non-secure ...

Without going through the code, I cannot tell you all of the changes that you might need to alter security behavior on the browser ...

While this isn't a bug ... it is obnoxious and we are working on managing the secure to non-secure issues that arise from the browser stand point in v2.0 ...

It can be updated in any version, but it does take time to go through the code and update everything ...

[Ajeh]

NOTE: post #19 I listed a number of the things that need to be altered to eliminate these problems with secure to non-secure browser issues ...

[need_help]

I have just checked to see if Internet Explorer does this but it's fine with that or at least Internet Explorer 7 and 8.

So i guess it's just Firefox and the Opera browsers which are the issue at least for me.

With Internet Explorer when i do the exact same actions as in Firefox and Opera it sends me to the shopping cart page without any unsecure messages.

I can't remember if i actually switched on this message from the tools and options and security bar in Firefox. If you have to turn it on then most people probably don't and so it's not as bad as i first thought.

I saw the fix on page 19 but that's a lot of work and i would probably mess something up.

Any chance of having a step by step instruction on all the pages in the tutorial/faq section as i would then attempt it.

[need_help]

I think the two biggest issues for me would be fixing it so the search and Add to cart don't show this message any more.

If there is a fix for those two i can live happier.

[Ajeh]

Change the settings on the submit form statement so that it uses the current $request_type vs the NONSSL or SSL or none in the form tag itself format ...

[need_help]

Change the settings on the submit form statement so that it uses the current $request_type vs the NONSSL or SSL or none in the form tag itself format ...

Could you walk me through that and tell me what file to edit and what i should put in the file and replace ?

Thanks.

[Website Rob]

Funny, it is now 2009! and this is STILL BROKEN! Unbelievable that 2 years later I just enabled SSL on Zen and it is driving me crazy as EVERY PAGE that has ssl enabled is popping up this message. It is the dumbest thing I've ever heard of, this whole thread is dumb, JUST FIX THE DAMN BUG and quit saying "ITS NOT A BUG" of course its a BUG if it annoys the hell out of me and my customers and conversely YOUR CUSTOMERS then it is a BUG and needs to be fixed BY YOU so that I am not forced (again 2 YEARS LATER) to have to go through EVERY damn form within YOUR application and do your job for you by modifying the code.

When a person starts making custom changes to a script and does not bother to validate and/or check their work, then it is easy to see where and when some of the problems were created.

Fix your own, self-created errors, then come back if still having a problem. People who live in glass houses should not throw rocks and all that good stuff.