When loading the registration page, users are presented with the warning that some items in the page are not encrypted. This causes a "broken padlock" warning, and may also cause concern that the information being sent, which is personally identifiable, may not be encrypted between the client and webapp. The warning appears to be caused by the reCAPTCHA code, and can be corrected by switching to the encrypted API as outlined at http://recaptcha.net/apidocs/captcha/client.html in the "Using reCAPTCHA on an https site" section. Could the registration page please be changed to use the https API to ensure all items in the page are delivered via https? Steps to reproduce: - Use a browser that has SSL warnings enabled - Navigate to https://byob.mozilla.com/register - A mixed-content message, warning the user that some items were not delivered securely, is displayed.
Created attachment 406961 [details] [diff] [review] patch - v1
Assignee: nobody → reed
Status: NEW → ASSIGNED
Attachment #406961 - Flags: review?(lorchard)
Summary: Recpatcha causes mixed-content SSL warnings on registration → Recaptcha causes mixed-content SSL warnings on registration
Comment on attachment 406961 [details] [diff] [review] patch - v1 This patch forces SSL for Recaptcha at the helper level, rather than the app level. I've got a patch from ozten on another project that adds an SSL flag as a parameter to the helper, so I'll probably end up using that
Attachment #406961 - Flags: review?(lorchard) → review-
Pushing into my bug queue.
Fixed in r62100
Status: ASSIGNED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
verified fixed !
Status: RESOLVED → VERIFIED
byob appears to be serving reCAPTCHA scripts over http again.
Status: VERIFIED → REOPENED
Resolution: FIXED → ---
Whiteboard: 02 hrs → [infrasec:tls][ws:high]
Also, the video on the front page is not served over TLS; this causes mixed content warnings in some browsers regardless of whether or not the browser uses the object: http://www.mozilla.com/includes/flash/playerWithControls.swf?flv=firefox/3.6/whatsnewin36.mp4&autoplay=false&msg=Play%20Video
ups, byob is long dead, so marking wontfix
Status: REOPENED → RESOLVED
Last Resolved: 8 years ago → 5 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.