Google "Not Secure" Notification

For general questions and discussions specific to the AbleCommerce GOLD ASP.Net shopping cart software.
Post Reply
eileen
Lieutenant, Jr. Grade (LT JG)
Lieutenant, Jr. Grade (LT JG)
Posts: 41
Joined: Sun Feb 11, 2007 10:59 pm
Location: Novato, CA
Contact:

Google "Not Secure" Notification

Post by eileen » Thu Aug 17, 2017 6:40 pm

Got the following notice from Google:
Starting October 2017, Chrome (version 62) will show a “NOT SECURE” warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode.
The following URLs on your site include text input fields (such as < input type="text" > or < input type="email" >) that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, so that you can take action to help protect users’ data.
...
The new warning is part of a long term plan to mark all pages served over HTTP as “not secure”.
Here’s how to fix this problem:
Migrate to HTTPS
To prevent the “Not Secure” notification from appearing when Chrome users visit your site, only collect user input data on pages served using HTTPS. Read about HTTPS
I asked our web host about this issue. Here is their response:
This is because AbleCommerce renders all product pages with http protocol and only redirects to https during checkout. This is an AbleCommerce issue and has to be addressed
by your AbleCommerce developer. The url rewrite in AbleCommerce has to be changed to use. https for all pages, not just checkout and user account pages.
Is this an issue AbleCommerce intends to address?

dandersonMLT
Lieutenant Commander (LCDR)
Lieutenant Commander (LCDR)
Posts: 95
Joined: Sun Oct 04, 2015 5:45 pm

Re: Google "Not Secure" Notification

Post by dandersonMLT » Fri Aug 18, 2017 12:06 am

I received the same email this morning.
I have to start by saying this is ridiculous.

Google is going to mark a site as insecure because any text field is on a http page?
That is silly and I hope they reconsider.
Plenty of sites have only search or contact us pages and forcing developers to buy certificates is crazy.

With that said, I'm not sure how we fix this. I know the newest version or 2 of able supports a full site SSL option.
But a complete upgrade is costly and time consuming and won't be complete by October even if we decided to try.

Odettes
Lieutenant Commander (LCDR)
Lieutenant Commander (LCDR)
Posts: 102
Joined: Wed Apr 02, 2008 11:00 am
Location: Stockholm, Sweden
Contact:

Re: Google "Not Secure" Notification

Post by Odettes » Wed Aug 23, 2017 8:17 pm

dandersonMLT wrote: With that said, I'm not sure how we fix this. I know the newest version or 2 of able supports a full site SSL option.
But a complete upgrade is costly and time consuming and won't be complete by October even if we decided to try.
You can try to put in a custom rewrite rule in your webconfig like this(this works for me):

Code: Select all

<rewrite>
    <rules>
        <rule name="HTTP to HTTPS Redirect" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTPS}" pattern="off" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
        </rule>
   </rules>
</rewrite>
Sincerely,
Thomas Berglund

https://traileronline.se
AbleCommerce Gold R11 Custom

Post Reply