Is it normal to have warnings from the browser when using piggyback SSL on Heroku - ssl

This is just a quick question really for my own peace of mind more than anything.
When accessing an app hosted on Heroku through https://myapp.herokuapp.com I get a warning in Google Chrome and Firefox (but not Safari) along the lines of:
You have requested an encrypted page that contains some unencrypted information. Information that you see or enter on this page could easily be read by a third party.
I don't really want to pay the $20 a month for the SSL-Endpoint addon and was just wondering why these warnings appear and whether there was a way around it/how to find the content that is unencrypted.
I have tried both with and without config.force_ssl = true
Any suggestions? Any help would be appreciated.

Turns out that this was an issue with a request from Google maps.
As far as I can remember, they changed their API to allow access over https:// after we began development.
It was simply a case of following the new process that was documented on the Google API page.

Related

Google warns "Unverified developer" for private site with spreadsheets API

I privately host a site for my family that uses the Google Spreadsheets API (readonly). I received an email from Google looking to "Remove risky access to your data". My site is listed with a warning:
I've gone through the verification process (filling out this form: https://support.google.com/code/contact/oauth_app_verification) but got the response that if the site is used privately "you don't need to go through the verification process". They state this in their FAQ also: OAuth Developer Verification Form FAQ.
However, the site still shows a warning in Google's security check-up. I can ignore this but I think other family members will be worried unnecessarily OR ignore future warnings about other apps assuming it's the family one they normally ignore.
Is there a way to verify myself as a developer of a private site or mark the access as trusted so the warning doesn't recur?
I ended up making my site public and going through the usual verification process.
Not really an answer, but rather to flag that this issue is my dilemma as well, although I run a time-based Google Script within an organization. I've contacted folks at the Google Cloud Platform and they have opened a case. However, here is something interesting I've stumbled across just now. Go to your Google account and do Security Checkup.
After the checkup your screen might be showing something like this
Try clicking "Dismiss" to prevent Google from removing your app.
I'm just testing it myself and if in an hour (that's how long it usually takes Google to remove your own script from the list of self-authorized apps with access to account info) Google won't remove it, I guess it would work for me!

My Facebook app isn't loading. ERROR: Operation Timed Out

Some people have asked questions like this, but none of them are answered for some reason, so I am asking again:
I have created a new Facebook app and created a basic HTML page, the contents of which are copied from the "authentication" sample on the Facebook developers site. I am always getting an "Operation Timed Out" message in the middle of the canvas (the other Facebook parts are loading perfectly).
I have tried with different URLs, different page contents, and only 1 success - when I loaded the AMAZON.com page in my app :)
My pages work fine when called normally through a browser by the way.
Any idea what I am doing wrong?
Thanks!
Did you specify a secure URL (https) for your app? If you have, is your SSL certificate valid (might have expired)?
SSL support for page tabs has been mandatory since October 1, 2011.
You probably already reviewed this info, but just in case here's the Facebook Page Tab Tutorial with screenshots and step by step setup.

Integrating Mailchimp embedded form with an SSL website

I am trying to integrate a Mailchimp sign up form with my website. I generated the form in Mailchimp and copied the embed code to my site. The problem is that my site has an SSL certificate and when my potential clients try to sign up to my mailing list it gives them a security warning (in Firefox) saying:
"Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.
Are you sure you want to continue sending this information"
Is there any way to avoid getting this warning?
Thank you very much for any help.
I was also facing the same problem using the default embed code provided by Mailchimp, which wasn't working on an SSL site.
So after Googling for a solution I found this link:
Stop MailChimp Forms Breaking Your SSL
https://www.ostraining.com/blog/coding/mailchimp-forms-ssl/
It wasn't a big problem: I simply needed to change the URL from list-manage1.com to list-manage.com.
I simply needed to test after removing the 1 from list-manage1.com, and it worked fine after that.
It also works fine for post-json embed urls.
Short answer. No
Longer answer. No, you are stuck with that warning. You are posting to an unsecured site from a secured site and the user will get this notification.
It's more work than a simple embed, but you can do this using the MailChimp API which has support for SSL. See the section entitled HTTPS / Secure Connections in the API docs.
You can edit the form Mailchimp provide to embed so that it uses https and not http in the action url.
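One way to find the unencrypted content asked about in the Heroku question, and the insecure form target in the Mailchimp one, is a static scan of the page source. This is an added example, not code from any of the posts; the sample HTML and the `.example` hosts are constructed, and plain `<a href>` links are skipped because they load nothing until clicked.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs that make the browser fetch from or submit to a URL.
# <a href> is deliberately absent: a plain link loads nothing until clicked.
LOADERS = {
    ("script", "src"): "active",
    ("iframe", "src"): "active",
    ("link", "href"): "active",   # stylesheets only, filtered below
    ("img", "src"): "passive",
    ("video", "src"): "passive",
    ("form", "action"): "form",   # data would be posted in clear text
}


class InsecureRefFinder(HTMLParser):
    """Collect http:// subresources and form targets in an HTML document."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, attribute, kind, url)

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        if tag == "link" and "stylesheet" not in attrs.get("rel", "").lower():
            return  # canonical/alternate links are not fetched as content
        for (t, attr), kind in LOADERS.items():
            url = attrs.get(attr, "").strip()
            if t == tag and url.lower().startswith("http://"):
                self.findings.append((self.getpos()[0], tag, attr, kind, url))


def find_insecure_refs(html):
    """Return every http:// reference that a page served over https would load."""
    finder = InsecureRefFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page, assumed to be served over https://.
SAMPLE = """<html><head>
<link rel="stylesheet" href="https://cdn.example/site.css">
<script src="http://maps.example/api/js"></script>
</head><body>
<a href="http://old.example/page">old link</a>
<img src="//img.example/logo.png">
<form action="http://lists.example/subscribe/post" method="post"></form>
</body></html>"""
```

Calling `find_insecure_refs(SAMPLE)` reports the script on line 3 and the form on line 7. Requests issued by scripts at run time are not visible in static source; a proxy or the browser's network panel covers those.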

SSL Certificate Site Issue - Google Analytics?

I have a website which has an SSL certificate installed. If I navigate to the site via https://www.[MY-SITE].com then it flashes up in Chrome for a second with a green https:// indication. Then it greys out and shows the message that the site is loading up insecure content.
Some of the links on the site are still the old http:// versions but it isn't actually loading anything from the files it is linking to. One thing I thought of was that I don't have access to change the Google Analytics code to the https:// so it is still on the http:// in the admin settings on Google. Would this be the issue?
Thanks,
Jack
I think mistakes may occur. I just searched out some posts from the web regarding your query.
Please read these links:
http://blogoscoped.com/archive/2007-12-13-n83.html
http://code.google.com/p/r-google-analytics/issues/detail?id=1
I hope it will be helpful for you.

Security warnings in Facebook Connect

I'm hoping this is just a bug on Facebook's end that will be fixed soon, but in my Facebook Connect app I'm launching the dialogue FB provides to make a post. This dialogue is launched on a page with an SSL connection. In this dialogue the profile pic for some users comes up with a security warning while others display correctly. I'm already set up to use Facebook's SSL JavaScript file instead of the HTTP file.
This is a bug at Facebook, but there's a work-around. When you use Facebook Connect to show a profile pic, you must set facebook-logo="false" on the fb:profile-pic FBML tag. (Note: the default is "true"). If you do this, and follow the instructions at facebook for using ssl, then the profile pic will be served using the correct protocol. If you leave it set to "true", then you always get the profile pics over http.
The bug is reported at http://bugs.developers.facebook.com/ as issue 5507 and possibly 7072 and 8485.
Also check whether you are serving the xd_receiver under ssl. The debugging hint at the bottom of this page can help you find if there are requests going to facebook other than the pictures which might not be SSL, thus confusing their determination of whether the page is under ssl: http://wiki.developers.facebook.com/index.php/Facebook_Connect_Via_SSL
I would use Fiddler and see if there are other requests going to Facebook which are not SSL; that will probably give you an indication of what is being missed, or if it is a bug.