Integrating Mailchimp embeded form with an SSL website - ssl

I am trying to integrate a Mailchimp sign up form with my website. I generated the form in Mailchimp and copied the embed code to my site. The problem is that my site has an SSL certificate and when my potential clients try to sign up to my mailing list it gives them a security warning (in firefox) saying:
"Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.
Are you sure you want to continue sending this information"
Is there any way to avoid getting this warning?
Thank you very much for any help.

I was also facing the same problem using default embed code provided by mailchimp, but that wasn't working on SSL site.
So after Googling for solution i found this link:
Stop MailChimp Forms Breaking Your SSL
https://www.ostraining.com/blog/coding/mailchimp-forms-ssl/
and it wasn't a big problem simply need to change the url from list-manage1.com to "list-manage.com"
simply need to test after removing 1 from the list-manage1.com and it worked fine after that.
It also works fine for post-json embed urls.

Short answer. No
Longer answer. No, you are stuck with that warning. You are posting to an unsecured site from a secured site and the user will get this notification.

It's more work than a simple embed, but you can do this using the MailChimp API which has support for SSL. See the section entitled HTTPS / Secure Connections in the API docs.

You can edit the form Mailchimp provide to embed so that it uses https and not http in the action url.

Related

Phalcon 3 and Swift Mailer

I want to integrate Swift Mailer in Phalcon 3 using dependency injection. I have already seen various ways to do solve this issue in Phalcon and Phalcon 2.
It would be great if you can help me with this issue.
Use https://github.com/phalcon-ext/mailer and follow its instruction and you will get a working solution to send emails through Swift Mailer in Phalcon 3.
That being said there were a few issues which I had to tackle to get things up. So here is a list of changes that you have to make on your end:
If you are going to use smtp then change the port to 587 and encryption to tls
Apart from it you are going to face error from google and it will send a security alert to attached gmail id. In the security email which I received; I clicked on allowing access to less secure apps
And then it took me to a google sign-in page where I was able to lower security by allowing less secure apps to access my gmail account.
There might be a better way to send email without lowering security access. If you find one then please let me know.
The github page says to add in your code require_once('vendor/autoload.php'); you can do it in index.php located inside the public folder.

Can a Google Search Appliance that doesn't have a digital certificate scan sites that are SSL enabled?

HTTPS has been enabled on a site and the Google Search Appliance now isn't able to crawl or access the site. My tech team can't figure out what is the issue and I haven't been able to find a definitive solution. Any help you can provide would be appreciated. Thx.
You should receive an error when using Real-time diagnostics but the best way, I've seen, is to use the "Forms Authentication" setup page.
Configure the sample URL to point to your site's home page and set the pattern to be the root URL for your site.
When you click "create" an SSL link will try to be created and you'll likely receive an error back at this point.
My guess is that the certificate on the web site may not be 'perfect' (the GSA is less forgiving than browsers are).

is it normal to have a warnings from browser when using piggyback ssl on heroku

This is just a quick question really for my own peace of mind more than anything.
When accessing an app hosted on Heroku through https://myapp.herokuapp.com I get a warning in Google Chrome and Firefox (but not Safari) along the lines of:
You have requested an encrypted page that contains some unencrypted information. Information that you see or enter on this page could easily be read by a third party.
I don't really want to pay the $20 a month for the SSL-Endpoint addon and was just wondering why these warnings appear and whether there was a way around it/how to find the content that is unencrypted.
I have tried both with and without config.force_ssl = true
Any suggestions? Any help would be appreciated
Turns out that this was an issue with a request from Google maps.
As far as I can remember, they changed their API to allow access over https:// after we began development.
It was simply a case of following the new process that was documented on the Google API page

SSL Certificate Site Issue - Google Analytics?

I have a website which has an SSL certificate installed. If I navigate to the site via https://www.[MY-SITE].com then it flashes up in Chrome for a second with a green https:// indication. Then it greys out and shows the message that the site is loading up insecure content.
Some of the links on the site are still the old http:// versions but it isn't actually loading anything from the files it is linking to. One thing I thought of was that I don't have access to change the Google Analytics code to the https:// so it is still on the http:// in the admin settings on Google. Would this be the issue?
Thanks,
Jack
It may occur mistakes I think. I just search out some post from web regarding your queries.
please read this link :
http://blogoscoped.com/archive/2007-12-13-n83.html
http://code.google.com/p/r-google-analytics/issues/detail?id=1
I hope it will be helpful for you.

Security warnings in Facebook Connect

I'm hoping this is just a bug on Facebook's end that will be fixed soon, but in my Facebook Connect app I'm launching the dialogue FB provides to make a post. This dialogue is launched on a page with an SSL connection. In this dialogue the profile pic for some users comes up with a security warning while others display correctly. I'm already setup to use Facebook's SSL javascript file instead of the HTTP file.
This is a bug at Facebook, but there's a work-around. When you use Facebook Connect to show a profile pic, you must set facebook-logo="false" on the fb:profile-pic FBML tag. (Note: the default is "true"). If you do this, and follow the instructions at facebook for using ssl, then the profile pic will be served using the correct protocol. If you leave it set to "true", then you always get the profile pics over http.
The bug is reported at http://bugs.developers.facebook.com/ as issue 5507 and possibly 7072 and 8485.
Also check whether you are serving the xd_receiver under ssl. The debugging hint at the bottom of this page can help you find if there are requests going to facebook other than the pictures which might not be SSL, thus confusing their determination of whether the page is under ssl: http://wiki.developers.facebook.com/index.php/Facebook_Connect_Via_SSL
I would use fiddler and see if there are other requests going to facebook which are not ssl, that will probably give you an indication of what is being missed, or if it is a bug.