Closed
Bug 521242
Opened 16 years ago
Closed 12 years ago
Recaptcha causes mixed-content SSL warnings on registration
Categories
(Websites Graveyard :: byob.mozilla.com, defect, P4)
Websites Graveyard
byob.mozilla.com
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: kev, Assigned: lorchard)
References
(Blocks 1 open bug, )
Details
(Keywords: sec-high, Whiteboard: [infrasec:tls][ws:high])
Attachments
(1 file)
|
494 bytes,
patch
|
lorchard
:
review-
|
Details | Diff | Splinter Review |
When loading the registration page, users are presented with the warning that some items in the page are not encrypted. This causes a "broken padlock" warning, and may also cause concern that the information being sent, which is personally identifiable, may not be encrypted between the client and webapp.
The warning appears to be caused by the reCAPTCHA code, and can be corrected by switching to the encrypted API as outlined at http://recaptcha.net/apidocs/captcha/client.html in the "Using reCAPTCHA on an https site" section. Could the registration page please be changed to use the https API to ensure all items in the page are delivered via https?
Steps to reproduce:
- Use a browser that has SSL warnings enabled
- Navigate to https://byob.mozilla.com/register
- A mixed-content message, warning the user that some items were not delivered securely, is displayed.
|
||
Comment 2•16 years ago
|
||
|
|
||
Updated•16 years ago
|
Summary: Recpatcha causes mixed-content SSL warnings on registration → Recaptcha causes mixed-content SSL warnings on registration
|
Assignee | |
Comment 3•16 years ago
|
||
Comment on attachment 406961 [details] [diff] [review]
patch - v1
This patch forces SSL for Recaptcha at the helper level, rather than the app level.
I've got a patch from ozten on another project that adds an SSL flag as a parameter to the helper, so I'll probably end up using that
Attachment #406961 -
Flags: review?(lorchard) → review-
|
|
||
Updated•16 years ago
|
Assignee: reed → lorchard
|
|
Assignee | |
Updated•15 years ago
|
Priority: -- → P4
Whiteboard: 02 hrs
|
|
Assignee | |
Comment 4•15 years ago
|
||
Pushing into my bug queue.
|
|
Assignee | |
Comment 5•15 years ago
|
||
Fixed in r62100
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
|
||
Comment 7•14 years ago
|
||
byob appears to be serving reCAPTCHA scripts over http again.
Status: VERIFIED → REOPENED
Resolution: FIXED → ---
Whiteboard: 02 hrs → [infrasec:tls][ws:high]
|
|
||
Comment 8•14 years ago
|
||
Also, the video on the front page is not served over TLS; this causes mixed content warnings in some browsers regardless of whether or not the browser uses the object: http://www.mozilla.com/includes/flash/playerWithControls.swf?flv=firefox/3.6/whatsnewin36.mp4&autoplay=false&msg=Play%20Video
|
||
Updated•12 years ago
|
Blocks: mozorg-mixedcontent
|
||
Comment 9•12 years ago
|
||
ups, byob is long dead, so marking wontfix
Status: REOPENED → RESOLVED
Closed: 15 years ago → 12 years ago
Resolution: --- → WONTFIX
|
||
Updated•11 years ago
|
Product: Websites → Websites Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•