How to make secure form after mixed forms became insecure.
32 views
Skip to first unread message
Tom Grigory
Mar 3, 2021, 8:08:28 PM3/3/21
to securi...@chromium.org
I am working on a site called curiousfounders.com , But when I added a mixed form it became insecure. How to solve this problem? I also read https://blog.chromium.org/2020/08/protecting-google-chrome-users-from.html
How can I solve the signing up process without mixed forms?
ᐧ
ᐧ
Carlos IL
Mar 3, 2021, 8:15:28 PM3/3/21
to Tom Grigory, security-dev
Hi Tom,
In order for your site to be fully secure, and no warnings to trigger on it, you need to make sure all your forms submit to an https:// URL. In this page the issue is the subscription form, which submits to "http://news.curiousfounders.com/add_subscriber", which then seems to redirect to https. If you instead change the form action so it submits directly to "http://news.curiousfounders.com/add_subscriber", that should fix your mixed forms issue.
-Carlos
Alex Gaynor
Mar 3, 2021, 8:19:32 PM3/3/21
to Carlos IL, Tom Grigory, security-dev
Carlos, I think you have a typo -- your message should say "submits directly to https://news.curiousfounders.com/add_subscriber" , you dropped the s!
Alex
--
To unsubscribe from this group and stop receiving emails from it, send an email to security-dev...@chromium.org.
All that is necessary for evil to succeed is for good people to do nothing.
Carlos IL
Mar 3, 2021, 8:20:38 PM3/3/21
to Alex Gaynor, Tom Grigory, security-dev
I did indeed, the right URL to submit to is https://news.curiousfounders.com/add_subscriber. Thanks for catching this!
-Carlos
Tom Grigory
Mar 4, 2021, 1:06:22 PM3/4/21
to Carlos IL, Alex Gaynor, security-dev
Great, Thank you for your service. Everything is working now.
ᐧ
ᐧReply all
Reply to author
Forward
0 new messages