Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Non-Secure Collection of Passwords will trigger warnings in Chrome 56

  1. #1
    osCMax Development Team

    Non-Secure Collection of Passwords will trigger warnings in Chrome 56

    ridexbuilder's Avatar
    Join Date
    Jul 2008
    Location
    Haggisland
    Posts
    4,123
    Total Contributions For

    ridexbuilder     $ 15.00
    Rep Power
    95


    Exclamation Non-Secure Collection of Passwords will trigger warnings in Chrome 56

    This post is for all users who utilise the login box in osCmax.

    For a change, I agree with Google on this one.
    The standard login box gives an opportunity to input login details on (as standard) non-https pages. The easiest way to circumvent this, is to not use this login Infobox, however you should really have alternative methods to display the information, once a user is logged in.

    I've added a small modification here (the attachment), that presents a My Account button link to the usual login page, instead of the user/password combination.

    I strongly suggest that site owners update their sites to disable the original login Infobox.
    Attached Images Attached Images
    Attached Files Attached Files
    Last edited by ridexbuilder; 01-26-2017 at 04:34 AM. Reason: Multilingual version

    Developers resource at bitbucket
    *** *** ***
    oscmax.co.uk / ejsolutions.co.uk
    Hosting plans with installation, configuration, contributions, support and maintenance.
    *** FREE osCmax hosting available ***
    oscmaxtemplates.com

  2. #2
    osCMax Development Team

    Non-Secure Collection of Passwords will trigger warnings in Chrome 56

    ridexbuilder's Avatar
    Join Date
    Jul 2008
    Location
    Haggisland
    Posts
    4,123
    Total Contributions For

    ridexbuilder     $ 15.00
    Rep Power
    95


    Post Re: Non-Secure Collection of Passwords will trigger warnings in Chrome 56

    It looks as though Firefox may also display the warning for the loginbox, as can be see on the index page of this forum.

    Developers resource at bitbucket
    *** *** ***
    oscmax.co.uk / ejsolutions.co.uk
    Hosting plans with installation, configuration, contributions, support and maintenance.
    *** FREE osCmax hosting available ***
    oscmaxtemplates.com

  3. #3
    Active Member
    Non-Secure Collection of Passwords will trigger warnings in Chrome 56


    Join Date
    Sep 2009
    Location
    Vancouver, BC, Canada
    Posts
    472
    Total Contributions For

    JRR     $ 180.00
    Rep Power
    66


    Default Re: Non-Secure Collection of Passwords will trigger warnings in Chrome 56

    Quote Originally Posted by ridexbuilder View Post
    It looks as though Firefox may also display the warning for the loginbox, as can be see on the index page of this forum.
    I am running Firefox 51.0.1 (OSX) and it doesn't say anything untoward when I open the default Loginbox/Sign In. And I'm afraid I don't know what you mean by "as can be see(n) on the index page of this forum".
    However I will implement your recommendation.
    Thanks!

  4. #4
    Active Member
    Non-Secure Collection of Passwords will trigger warnings in Chrome 56


    Join Date
    Sep 2009
    Location
    Vancouver, BC, Canada
    Posts
    472
    Total Contributions For

    JRR     $ 180.00
    Rep Power
    66


    1 out of 1 members found this post helpful.

    Default Re: Non-Secure Collection of Passwords will trigger warnings in Chrome 56

    Only thing I can suggest about your zip file is the /images/english should perhaps drill down one more level to /boxes.
    Otherwise it only took a minute to install.
    Great work!
    John :-#)#

  5. #5
    osCMax Development Team

    Non-Secure Collection of Passwords will trigger warnings in Chrome 56

    ridexbuilder's Avatar
    Join Date
    Jul 2008
    Location
    Haggisland
    Posts
    4,123
    Total Contributions For

    ridexbuilder     $ 15.00
    Rep Power
    95


    Default Re: Non-Secure Collection of Passwords will trigger warnings in Chrome 56

    I'll be more explicit: the warning will be shown on the index page of your catalog, assuming it is a non-https page.

    Sorry, the My Account image(s) should be in a subdirectory called buttons - good catch, JRR!
    Example: catalog/includes/languages/english/images/buttons
    Last edited by ridexbuilder; 02-28-2017 at 12:56 AM.

    Developers resource at bitbucket
    *** *** ***
    oscmax.co.uk / ejsolutions.co.uk
    Hosting plans with installation, configuration, contributions, support and maintenance.
    *** FREE osCmax hosting available ***
    oscmaxtemplates.com

  6. #6
    osCMax Development Team

    Non-Secure Collection of Passwords will trigger warnings in Chrome 56

    ridexbuilder's Avatar
    Join Date
    Jul 2008
    Location
    Haggisland
    Posts
    4,123
    Total Contributions For

    ridexbuilder     $ 15.00
    Rep Power
    95


    Default Re: Non-Secure Collection of Passwords will trigger warnings in Chrome 56

    Quote Originally Posted by JRR View Post
    I am running Firefox 51.0.1 (OSX) and it doesn't say anything untoward when I open the default Loginbox/Sign In. And I'm afraid I don't know what you mean by "as can be see(n) on the index page of this forum"..
    See attachment:
    Attached Images Attached Images

    Developers resource at bitbucket
    *** *** ***
    oscmax.co.uk / ejsolutions.co.uk
    Hosting plans with installation, configuration, contributions, support and maintenance.
    *** FREE osCmax hosting available ***
    oscmaxtemplates.com

  7. #7
    Active Member
    Non-Secure Collection of Passwords will trigger warnings in Chrome 56


    Join Date
    Sep 2009
    Location
    Vancouver, BC, Canada
    Posts
    472
    Total Contributions For

    JRR     $ 180.00
    Rep Power
    66


    Default Re: Non-Secure Collection of Passwords will trigger warnings in Chrome 56

    Quote Originally Posted by ridexbuilder View Post
    See attachment:
    Ah, yes, I see the same thing (clicking on the lock with a line through it beside the URL on Firefox) when I am logging (and logged into) onto the forum.

  8. #8
    osCMax Developer


    Non-Secure Collection of Passwords will trigger warnings in Chrome 56

    michael_s's Avatar
    Join Date
    Jul 2002
    Location
    Phoenix, AZ
    Posts
    23,009
    Total Contributions For

    michael_s     $ 10.00
    Rep Power
    593


    1 out of 1 members found this post helpful.

    Default Re: Non-Secure Collection of Passwords will trigger warnings in Chrome 56

    I think a quick modification to the loginbox to use SSL on submit will work too:


    In file:
    /catalog/includes/boxes/loginbox.php

    Change line 51 from this:
    PHP Code:
        $boxContent tep_draw_form('login'tep_href_link(FILENAME_LOGIN'action=process'$request_type)); 

    To this:
    PHP Code:
        $boxContent tep_draw_form('login'tep_href_link(FILENAME_LOGIN'action=process''SSL')); 
    And no more warnings, all secure and tidy.

    This will be included in the upcoming 2.5.5 release which is getting very close now...
    Michael Sasek

    osCmax 2.5.4 is now available via auto-installation using Softaculous!

    Stay Up To Date with everything osCMax:
    osCmax on Twitter - Up to the minute info as it happens. Know it first.

    osCmax Documentation

  9. #9
    osCMax Development Team

    Non-Secure Collection of Passwords will trigger warnings in Chrome 56

    ridexbuilder's Avatar
    Join Date
    Jul 2008
    Location
    Haggisland
    Posts
    4,123
    Total Contributions For

    ridexbuilder     $ 15.00
    Rep Power
    95


    1 out of 1 members found this post helpful.

    Default Re: Non-Secure Collection of Passwords will trigger warnings in Chrome 56

    Duh, I should've thought about that easier method.
    Thanks, Boss.

    Developers resource at bitbucket
    *** *** ***
    oscmax.co.uk / ejsolutions.co.uk
    Hosting plans with installation, configuration, contributions, support and maintenance.
    *** FREE osCmax hosting available ***
    oscmaxtemplates.com

  10. #10
    Active Member
    Non-Secure Collection of Passwords will trigger warnings in Chrome 56


    Join Date
    Sep 2009
    Location
    Vancouver, BC, Canada
    Posts
    472
    Total Contributions For

    JRR     $ 180.00
    Rep Power
    66


    Default Re: Non-Secure Collection of Passwords will trigger warnings in Chrome 56

    I've had that SSL fix in since 2014/07/08 - not sure where or how I found it or why I implemented it. Don't keep code change notes. Very bad habit not to keep notes. Completely forgot about it...it was done at the same time as I updated tell_a_friend.php.

    (Firefox does claim that the login for osCmax forum is not secure...unless you type HTTPS in the URL.)

    Hope to see 2.5.5 soon! An updated list of contributions would help by the way.

    Thanks!
    Last edited by JRR; 04-22-2017 at 10:23 AM.

Page 1 of 2 12 LastLast

Similar Threads

  1. CHMOD Warnings ...
    By pgmarshall in forum osCmax v2 Customization/Mods
    Replies: 31
    Last Post: 08-12-2010, 08:12 AM
  2. FCKeditor warnings
    By genepool in forum osCommerce 2.2 Installation Help
    Replies: 1
    Last Post: 07-08-2009, 03:18 PM
  3. Warnings on installation
    By gagne in forum osCmax v2 Installation issues
    Replies: 13
    Last Post: 05-17-2009, 01:43 PM
  4. Strange warnings. Help!
    By EPierre in forum osCommerce 2.2 Discussion
    Replies: 0
    Last Post: 11-09-2006, 06:27 PM
  5. Please help: Warnings...
    By laonux in forum osCommerce 2.2 Installation Help
    Replies: 3
    Last Post: 02-23-2003, 08:10 AM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •