windows security warning SSL to NONSSL wehn using forms

[JSR]

Does anyone here recognize this issue?

When I move from SSL to NONSSL while posting forms I get this windows security warning in my shop.

It basically insinuates that although this page is encrypted it would be wise not to proceed as the information admitted can be read by anyone on the net. Scaring the hell out of my customers I should think.

For the life of me I can not find the bug that causes this to happen.

It only happens in Firefox, not in IE7 :blink:

[satish]

Does anyone here recognize this issue?

When I move from SSL to NONSSL while posting forms I get this windows security warning in my shop.

It basically insinuates that although this page is encrypted it would be wise not to proceed as the information admitted can be read by anyone on the net. Scaring the hell out of my customers I should think.

For the life of me I can not find the bug that causes this to happen.

It only happens in Firefox, not in IE7 :blink:

Make sure that on a SSL page the form post goes to a ssl page.

 

Satish

[JSR]

Thanks for replying, Satish!

That's already happening for 'regular' forms (account pages, login), but the manufacturers drop down box is actually the main problem here. Choosing from this box while on an SSL page, triggers the security warning.

Do you have any idea of why this could happening? Strange, I never had any problems with it before.

[satish]

Just make sure the post goes to an SSL page.

 

Satish

[germ]

I have replicated the problem and solved it with these minor code changes:

 

/catalog/includes/boxes/manufacturers.php

 

Old code:

 

        $manufacturers_list .= '<a href="' . tep_href_link(FILENAME_DEFAULT, 'manufacturers_id=' . $manufacturers['manufacturers_id'][b][color="#FF0000"], $request_type[/color][/b]) . '">' . $manufacturers_name . '</a><br>';

Old code:

 

      $info_box_contents[] = array('form' => tep_draw_form('manufacturers', tep_href_link(FILENAME_DEFAULT, '', [b][color="#FF0000"]$request_type[/color][/b], false), 'get'),

The added or modified portion of the code is in RED

 

BACKUP THE FILE BEFORE EDITING IT!!!!

 

All this does is what Satish said to do - if the page is SSL, the form is too.

;)

[JSR]

Thanks so much germ!! I've actually had to edit the request type to redirect smoothly for several contributions.

But since I've never experienced this problem with the manufacturers before and because it was only happening in FF not in IE, I never checked inside the box and just assumed the problem might be located in the latest FF update or....

Just goes to show: thinking OUTSIDE the box isn't always the best way to go <_<

[tigergirl]

I successfully implemented the fix posted (well, had to view the google cached version of the page as the new site design doesn't let me view the code properly) on includes/boxes/manufacturers and includes/boxes/search - thanks for the code Germ :)

 

I am struggling to fix the same issue which occurs on product_reviews_write if you are logged out and click to write the review you log in and the page is SSL and you get the error. If you are already logged in when you start to right the review it is not an SSL page and there is not error warning.

 

How do I fix this please?

 

Thanks