AbleCommerce Shopping Cart Software


http://forums.ablecommerce.com/

Google "Not Secure" Notification

http://forums.ablecommerce.com/viewtopic.php?f=65&t=19112

Page 1 of 1

Google "Not Secure" Notification

Posted: Thu Aug 17, 2017 6:40 pm
by eileen
Got the following notice from Google:
Starting October 2017, Chrome (version 62) will show a “NOT SECURE” warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode.
The following URLs on your site include text input fields (such as < input type="text" > or < input type="email" >) that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, so that you can take action to help protect users’ data.
...
The new warning is part of a long term plan to mark all pages served over HTTP as “not secure”.
Here’s how to fix this problem:
Migrate to HTTPS
To prevent the “Not Secure” notification from appearing when Chrome users visit your site, only collect user input data on pages served using HTTPS. Read about HTTPS
I asked our web host about this issue. Here is their response:
This is because AbleCommerce renders all product pages with http protocol and only redirects to https during checkout. This is an AbleCommerce issue and has to be addressed
by your AbleCommerce developer. The url rewrite in AbleCommerce has to be changed to use. https for all pages, not just checkout and user account pages.
Is this an issue AbleCommerce intends to address?

Re: Google "Not Secure" Notification

Posted: Fri Aug 18, 2017 12:06 am
by dandersonMLT
I received the same email this morning.
I have to start by saying this is ridiculous.

Google is going to mark a site as insecure because any text field is on a http page?
That is silly and I hope they reconsider.
Plenty of sites have only search or contact us pages and forcing developers to buy certificates is crazy.

With that said, I'm not sure how we fix this. I know the newest version or 2 of able supports a full site SSL option.
But a complete upgrade is costly and time consuming and won't be complete by October even if we decided to try.

Re: Google "Not Secure" Notification

Posted: Wed Aug 23, 2017 8:17 pm
by Odettes
dandersonMLT wrote: With that said, I'm not sure how we fix this. I know the newest version or 2 of able supports a full site SSL option.
But a complete upgrade is costly and time consuming and won't be complete by October even if we decided to try.
You can try to put in a custom rewrite rule in your webconfig like this(this works for me):

Code: Select all

<rewrite>
    <rules>
        <rule name="HTTP to HTTPS Redirect" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTPS}" pattern="off" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
        </rule>
   </rules>
</rewrite>
All times are UTC-05:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/