How do I disable the "Security Warning" - encrpted script message when I log in to a website using https ?
Whenever I log onto a website via https (including my website), I get this message:
Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party. Are you sure you want to continue sending this information? This is followed below with two boxes, "continue" and "cancel".
In order to connect with the website, I must click on "continue" each time I log onto the website. HOW do I permanently DISABLE this message?
Επιλεγμένη λύση
Firefox gives that error because the page is on HTTPS but your form action is HTTP:
<form action="http://eclipse69forum.com/index.php?app=core&module=global§ion=login&do=process" method="post" id="login">
Can you change that to HTTPS?
Edit: deactivated the link
Όλες οι απαντήσεις (14)
It appears you are changing between secure and non secure pages. I do not think the message can be disabled. Although it should be possible to avoid it by logging in directly to and remaining on the https pages.
- For example If you login directly to this forum using https you will get no warning message. https://support.mozilla.org/en-US/questions/781856#sign-out -> https://support.mozilla.org/en-US/users/auth -> https://support.mozilla.org/en-US/questions/781856
including
You will get that warning if you go from a secure https connection to an insecure http connection and POST data entered in a form on a secure site is send to an http server. The warning tells you that you are sending data from a secure site to a non secure http url. You can usually avoid such an alert if you directly go to the login page and not via a link on the http home page that has a redirect back to that page once you have logged on via a secure https connection.
What is possibly more common now will be warnings about Mixed Content Blocking.
- This article gives an example of some messages Firefox does generate
Mixed content blocking in Firefox
I also note you have a user.js file in your Firefox profile.
- Did you create that yourself, or know what did create it ?
- It may be of interest to check the contents of that as it will be changing Firefox settings. The content will be short and plain text.
- See http://kb.mozillazine.org/User.js_file
- If you rename the file (for instance to user.js.old01 ) that will disable it.
- The file is in the Firefox profile.
See Profiles - Where Firefox stores your bookmarks, passwords and other user data_how-do-i-find-my-profile
On your site, if you check the url of the login <form action=url method="POST"> is it HTTP or HTTPS? If you submit a form via POST to an HTTP URL on an HTTPS page, then you should always get a warning. Basically, this defeats the purpose of presenting the login form on a secure page.
In the past, some users of Microsoft sites (knowledge base? MSDN?) reported that they got this dialog all the time once they logged in to the site because in routine navigation the site would submit a hidden form. That's incredibly annoying and I can't recall whether a workaround was found, other than only logging in when absolutely necessary.
My Logging in: Typing in the URL of a website that uses/accepts https, I use https in fron of the URL. I get the message as I described in my original help posting.
I called Microsoft and they said it is a Firefox/Mozilla problem. While on the phone, the Microsoft Representative walked me through several steps, and one of those was to try using IE Browser. When I did, there was no such problem as I am experiencing with Mozilla Browser.
DJ
Sorry, I misunderstood. I thought when you wrote "my website" that you were the author or operator of the website. That's why I asked you about the page code. If it's not your website, then never mind about that.
Is the problem website a Microsoft website? Could you mention what site it is?
Thanks for your reply! Sorry, I seem to be getting you even more confused. I will try to clear this up. So let's start over ... whenever I log onto a website (mine or ANY other website) while using Mozilla Firefox Browser as my browser, AND the website has in its URL: HTTPS prefix instead of HTTP prefix - as in: https : mywebsite . com - I get this message:
"Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party. Are you sure you want to continue sending this information? This is followed below with two boxes, CONTINUE and CANCEL. I have to click on ONE OF THESE BOXES, otherwise I cannot get out of this screen.
This is very annoying for TWO reasons: One, it is a waste of time. And two, it can be a "turn off" for people logging onto my website BECAUSE it IMPLIES or INFERS that my website has a security risk (it doesn't).
Microsoft asked me to log onto my website, USING Internet Explorer INSTEAD OF Mozilla Firefox - and any other website I could think of which has HTTPS as a prefix in the URL. I did this. And when I did, I DID NOT get the message as worded above. Instead, the log in just proceeds normally WITHOUT the message appearing, and the website comes up on my computer screen.
Microsoft tech representative had me make a change in my computer's controls, i.e., Internet Options. But she told me that would solve only using IE Browser, NOT Firefox. True. She further said I needed to contact Mozilla to get this solved as the PROBLEM exists with MOZILLA.
So, either I get this Mozilla Firefox Security message prevented from coming up EVERY time I log onto a website using HTTPS, OR, I STOP using Firefox and use IE Browser - which I don't really want to do, as up to now I liked the Firefox Browser.
DJ
Start Firefox in Safe Mode to check if one of the extensions (Firefox/Tools > Add-ons > Extensions) or if hardware acceleration is causing the problem.
- Switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance
- Do NOT click the Reset button on the Safe Mode start window
- https://support.mozilla.org/kb/Safe+Mode
- https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes
Create a new profile as a test to check if your current profile is causing the problem.
See "Creating a profile":
- https://support.mozilla.org/kb/profile-manager-create-and-remove-firefox-profiles
- http://kb.mozillazine.org/Standard_diagnostic_-_Firefox#Profile_issues
If the new profile works then you can transfer files from a previously used profile to the new profile, but be cautious not to copy corrupted files to avoid carrying over problems.
Boot the computer in Windows Safe Mode with network support (press F8 on the boot screen) as a test.
Thanks for your response. I tried your first suggestion (Safe Mode), but not the other two. The "safe mode" action did not solve the problem.
I did notice something else: When I log onto a website using HTTPS which has a Green Padlock showing in the address bar, the problem I am experiencing does not occur. Logging onto my website, although HTTPS, does NOT have a Green Padlock but instead a Gray Padlock. Perhaps this is the difference?
Also, logging onto my website - which is a forum website - is a procedure of typing in one's username and password; then pressing the "sign in" button is when the process of actual connection takes place. Since this is a forum website, and it contains data of mixed content, perhaps this is why the Security Message comes up?
If either of the above is true, then it follows, does it not, that the only way of getting around this issue is to apply for a FULL SSL Certificate instead of the Standard SSL Certificate (which I have for my website). And that represents big bucks.
Any comment on this? Anyway, thanks for your help.
DJ
Can you give a link to a login page or two where you get this message? I want to check the <form> tag to see whether it submits to a secure or insecure URL. You should only get the message if it's an insecure URL.
The Extended Validation SSL certificate (EVSSL = green lock) isn't necessary to submit from secure-to-secure and avoid the error. But it's possible those sites are a little more careful about their code because they place a premium on being highly trusted.
Hello, thanks once again for your continued effort in trying to resolve this problem.
Okay, here is the URL for my website/forum: https://eclipse69forum.com Please note that in order to find out whether or not you experience the same problem as I do when logging in, you will need to fill in the boxes in full, then click on "Sign In".
You needn't be concerned about being a "permanent" Member of the forum - as administrator I can delete your Membership - just tell me that is what you wish and give me your chosen log in (Username).
DJ
Επιλεγμένη λύση
Firefox gives that error because the page is on HTTPS but your form action is HTTP:
<form action="http://eclipse69forum.com/index.php?app=core&module=global§ion=login&do=process" method="post" id="login">
Can you change that to HTTPS?
Edit: deactivated the link
Τροποποιήθηκε στις
Thanks for the information!
I will not be able to make the change as you suggested, however I will forward this information to my Tech guy who does all the technical changes for me.
If he can make the change, and that solves the problem, I will post the results here.
DJ
The problem has been fixed - my tech guy was able to make the necessary change as you suggested. Log in proceeds now WITHOUT the Security Message regarding encryption (unencryption connection).
This is a huge relief. Thank you jscher2000 for your assistance and help regarding this matter.
DJ
i just want to be able to turn off the stupid warning.. the only time i see it is when i am logged into the MS community forum and then i click on a link, there, for a MSKB article..
IE 6 had a similar warning, when changing from a secure connection to a non-secure connection, and it was easy to disable it, which i always did.. it seems that no one in the universe knows how to disable the warning, in "firefox"..
Hi redwolfe_98, sorry, but this is a slightly different error.
As discussed in an earlier thread (How do disable this Warning? Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection), when you are logged in, the link works differently: Microsoft transitions you through https://login.live.com/ (a secure page) that then posts a hidden form to an insecure page (on MSKB).
There is no built-in option to turn off the warning for posting a form from a secure to an insecure page.
A frustrated user of Microsoft sites posted a workaround in the earlier thread, which is to install the Greasemonkey extension and a userscript he wrote. What the script does is change the form on Microsoft intermediate page to post securely. If you encounter this issue frequently, it might be worth a look.
- Greasemonkey: https://addons.mozilla.org/firefox/addon/greasemonkey/
- Script: http://userscripts-mirror.org/scripts/show/173384 (note: the old userscripts.org site is defunct and this is a copy of its contents as of earlier this year)