GFC from secure site
1 view
Skip to first unread message
George
Sep 30, 2009, 2:52:33 AM9/30/09
to Google Friend Connect Developer Forum
Hello,
I have a secure(https) page where members of my site may log in.
Recently I added ability for members to sign in using GFC.
Now, every time visitor open this page, he gets warning:
"Although this page is encrypted, the information you have entered is
to be sent over an unencrypted connection and could easily be read by
a third party. Are you sure you want to continue?"
I switched "http://www.google.com/jsapi" to "https://www.google.com/
jsapi" but it doesn't help.
My code:
<script language="JavaScript" src="https://www.google.com/jsapi">
<script>
google.load('friendconnect', '0.8');
google.setOnLoadCallback(googleCallback);
function googleCallback() {
google.friendconnect.container.initOpenSocialApi( ...
</script>
Two questions:
1) Any way to avoid this message? (server-side, of course)
2) If no, will be this feature added in next release?
wbr, George
I have a secure(https) page where members of my site may log in.
Recently I added ability for members to sign in using GFC.
Now, every time visitor open this page, he gets warning:
"Although this page is encrypted, the information you have entered is
to be sent over an unencrypted connection and could easily be read by
a third party. Are you sure you want to continue?"
I switched "http://www.google.com/jsapi" to "https://www.google.com/
jsapi" but it doesn't help.
My code:
<script language="JavaScript" src="https://www.google.com/jsapi">
<script>
google.load('friendconnect', '0.8');
google.setOnLoadCallback(googleCallback);
function googleCallback() {
google.friendconnect.container.initOpenSocialApi( ...
</script>
Two questions:
1) Any way to avoid this message? (server-side, of course)
2) If no, will be this feature added in next release?
wbr, George
Bob Aman
Nov 13, 2009, 7:25:49 PM11/13/09
to google-friend-co...@googlegroups.com
Hey, sorry I'm getting to this late. I just went through the archive
and noticed this went unanswered.
> Two questions:
> 1) Any way to avoid this message? (server-side, of course)
Unfortunately no. GFC does not use https for transport, and there is
no current plan to support this.
> 2) If no, will be this feature added in next release?
No. There's a very good chance that it will never be implemented.
GFC data is largely public, accessible to anyone, and aside from the
login process itself, there is no need for encryption. Enabling
encrypted gadgets would be prohibitively difficult to do.
The current recommendation is simply to use normal http for any sites
that implement GFC.
-Bob
and noticed this went unanswered.
> Two questions:
> 1) Any way to avoid this message? (server-side, of course)
no current plan to support this.
> 2) If no, will be this feature added in next release?
GFC data is largely public, accessible to anyone, and aside from the
login process itself, there is no need for encryption. Enabling
encrypted gadgets would be prohibitively difficult to do.
The current recommendation is simply to use normal http for any sites
that implement GFC.
-Bob
Reply all
Reply to author
Forward
0 new messages