X
點擊此處開啟此網站的行動版。

技術支援討論區

How do I disable the "Security Warning" - encrpted script message when I log in to a website using https ?

已張貼

Whenever I log onto a website via https (including my website), I get this message:

Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party. Are you sure you want to continue sending this information? This is followed below with two boxes, "continue" and "cancel".

In order to connect with the website, I must click on "continue" each time I log onto the website. HOW do I permanently DISABLE this message?

Whenever I log onto a website via https (including my website), I get this message: Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party. Are you sure you want to continue sending this information? This is followed below with two boxes, "continue" and "cancel". In order to connect with the website, I must click on "continue" each time I log onto the website. HOW do I permanently DISABLE this message?

被選擇的解決方法

Firefox gives that error because the page is on HTTPS but your form action is HTTP:

<form action="http://eclipse69forum.com/index.php?app=core&module=global&section=login&do=process" method="post" id="login">

Can you change that to HTTPS?


Edit: deactivated the link

從原來的回覆中察看解決方案 2

額外的系統細節

已安裝的外掛程式

  • Shockwave Flash 14.0 r0
  • Next Generation Java Plug-in 10.55.2 for Mozilla browsers
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Adobe PDF Plug-In For Firefox and Netscape 10.1.10
  • NPWLPG

應用程式

  • Firefox 30.0
  • 使用者代理:Mozilla/5.0 (Windows NT 6.3; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0
  • 技術支援網址:https://support.mozilla.org/1/firefox/30.0/WINNT/en-US/

擴充套件

  • DownloadHelper 4.9.22 ({b9db16a4-6edc-47ec-a1f4-b86292ed211d})
  • FireShot 0.98.59 ({0b457cAA-602d-484a-8fe7-c1d894a011ba})
  • Troubleshooter 1.1a (troubleshooter@mozilla.org)

JavaScript

  • incrementalGCEnabled: True

圖形

  • adapterDescription: AMD Radeon HD 6300 series Graphics
  • adapterDescription2:
  • adapterDeviceID: 0x9802
  • adapterDeviceID2:
  • adapterDrivers: aticfx64 aticfx64 aticfx64 aticfx32 aticfx32 aticfx32 atiumd64 atidxx64 atidxx64 atiumdag atidxx32 atidxx32 atiumdva atiumd6a atitmm64
  • adapterDrivers2:
  • adapterRAM: 384
  • adapterRAM2:
  • adapterVendorID: 0x1002
  • adapterVendorID2:
  • direct2DEnabled: True
  • directWriteEnabled: True
  • directWriteVersion: 6.3.9600.17111
  • driverDate: 10-10-2013
  • driverDate2:
  • driverVersion: 13.151.1.3000
  • driverVersion2:
  • info: {u'AzureCanvasBackend': u'direct2d', u'AzureFallbackCanvasBackend': u'cairo', u'AzureContentBackend': u'direct2d', u'AzureSkiaAccelerated': 0}
  • isGPU2Active: False
  • numAcceleratedWindows: 1
  • numTotalWindows: 1
  • webglRenderer: Google Inc. -- ANGLE (AMD Radeon HD 6300 series Graphics Direct3D9Ex vs_3_0 ps_3_0)
  • windowLayerManagerRemote: False
  • windowLayerManagerType: Direct3D 10

修改過的偏好設定

  • accessibility.typeaheadfind.flashBar: 0
  • browser.cache.disk.capacity: 358400
  • browser.cache.disk.smart_size.first_run: False
  • browser.cache.disk.smart_size.use_old_max: False
  • browser.cache.disk.smart_size_cached_value: 358400
  • browser.places.smartBookmarksVersion: 7
  • browser.search.useDBForOrder: True
  • browser.sessionstore.upgradeBackup.latestBuildID: 20140605174243
  • browser.startup.homepage_override.buildID: 20140605174243
  • browser.startup.homepage_override.mstone: 30.0
  • dom.ipc.plugins.enabled.nptnt2.dll: False
  • dom.mozApps.used: True
  • extensions.lastAppVersion: 30.0
  • font.internaluseonly.changed: False
  • gfx.direct3d.last_used_feature_level_idx: 0
  • network.cookie.prefsMigrated: True
  • places.database.lastMaintenance: 1406298149
  • places.history.expiration.transient_current_max_pages: 96424
  • plugin.disable_full_page_plugin_for_types: application/pdf
  • plugin.importedState: True
  • plugin.state.npconduitfirefoxplugin: 0
  • privacy.cpd.downloads: False
  • privacy.cpd.formdata: False
  • privacy.cpd.history: False
  • privacy.cpd.sessions: False
  • privacy.sanitize.migrateFx3Prefs: True
  • privacy.sanitize.timeSpan: 4
  • storage.vacuum.last.index: 1
  • storage.vacuum.last.places.sqlite: 1405593700

其他

  • User JS: 是
  • 輔助功能: 否
John99 971 個解決方法 13138 個答案

It appears you are changing between secure and non secure pages. I do not think the message can be disabled. Although it should be possible to avoid it by logging in directly to and remaining on the https pages.

including

You will get that warning if you go from a secure https connection to an insecure http connection and POST data entered in a form on a secure site is send to an http server.
The warning tells you that you are sending data from a secure site to a non secure http url.
You can usually avoid such an alert if you directly go to the login page and not via a link on the http home page that has a redirect back to that page once you have logged on via a secure https connection. 

What is possibly more common now will be warnings about Mixed Content Blocking.


I also note you have a user.js file in your Firefox profile.

It appears you are changing between secure and non secure pages. I do not think the message can be disabled. Although it should be possible to avoid it by logging in directly to and remaining on the https pages. *For example If you login directly to this forum using https you will get no warning message. https://support.mozilla.org/en-US/questions/781856#sign-out -> https://support.mozilla.org/en-US/users/auth -> https://support.mozilla.org/en-US/questions/781856 *See [/questions/781856#answer-135152] including ''You will get that warning if you go from a secure https connection to an insecure http connection and POST data entered in a form on a secure site is send to an http server.'' ''The warning tells you that you are sending data from a secure site to a non secure http url.'' ''You can usually avoid such an alert if you directly go to the login page and not via a link on the http home page that has a redirect back to that page once you have logged on via a secure https connection. '' What is possibly more common now will be warnings about Mixed Content Blocking. * This article gives an example of some messages Firefox does generate <br /> [[How does content that isn't secure affect my safety?]] ---------- I also note you have a '''user.js''' file in your Firefox profile. *Did you create that yourself, or know what did create it ? *It may be of interest to check the contents of that as it will be changing Firefox settings. The content will be short and plain text. * See http://kb.mozillazine.org/User.js_file * If you rename the file (for instance to ''user.js.old01'' ) that will disable it. *The file is in the Firefox profile. <br />See [[Profiles - Where Firefox stores your bookmarks, passwords and other user data#w_how-do-i-find-my-profile]]'''_how-do-i-find-my-profile'''
jscher2000
  • Top 10 Contributor
8632 個解決方法 70600 個答案

On your site, if you check the url of the login <form action=url method="POST"> is it HTTP or HTTPS? If you submit a form via POST to an HTTP URL on an HTTPS page, then you should always get a warning. Basically, this defeats the purpose of presenting the login form on a secure page.

In the past, some users of Microsoft sites (knowledge base? MSDN?) reported that they got this dialog all the time once they logged in to the site because in routine navigation the site would submit a hidden form. That's incredibly annoying and I can't recall whether a workaround was found, other than only logging in when absolutely necessary.

On your site, if you check the url of the login &lt;form action=''url'' method="POST"> is it HTTP or HTTPS? If you submit a form via POST to an HTTP URL on an HTTPS page, then you should always get a warning. Basically, this defeats the purpose of presenting the login form on a secure page. In the past, some users of Microsoft sites (knowledge base? MSDN?) reported that they got this dialog all the time once they logged in to the site because in routine navigation the site would submit a hidden form. That's incredibly annoying and I can't recall whether a workaround was found, other than only logging in when absolutely necessary.

提出問題者

My Logging in: Typing in the URL of a website that uses/accepts https, I use https in fron of the URL. I get the message as I described in my original help posting.

I called Microsoft and they said it is a Firefox/Mozilla problem. While on the phone, the Microsoft Representative walked me through several steps, and one of those was to try using IE Browser. When I did, there was no such problem as I am experiencing with Mozilla Browser.

DJ

My Logging in: Typing in the URL of a website that uses/accepts https, I use https in fron of the URL. I get the message as I described in my original help posting. I called Microsoft and they said it is a Firefox/Mozilla problem. While on the phone, the Microsoft Representative walked me through several steps, and one of those was to try using '''IE Browser'''. When I did, there was no such problem as I am experiencing with Mozilla Browser. DJ
jscher2000
  • Top 10 Contributor
8632 個解決方法 70600 個答案

Sorry, I misunderstood. I thought when you wrote "my website" that you were the author or operator of the website. That's why I asked you about the page code. If it's not your website, then never mind about that.

Is the problem website a Microsoft website? Could you mention what site it is?

Sorry, I misunderstood. I thought when you wrote "my website" that you were the author or operator of the website. That's why I asked you about the page code. If it's not your website, then never mind about that. Is the problem website a Microsoft website? Could you mention what site it is?

有幫助的回覆

Thanks for your reply! Sorry, I seem to be getting you even more confused. I will try to clear this up. So let's start over ... whenever I log onto a website (mine or ANY other website) while using Mozilla Firefox Browser as my browser, AND the website has in its URL: HTTPS prefix instead of HTTP prefix - as in: https : mywebsite . com - I get this message:

"Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party. Are you sure you want to continue sending this information? This is followed below with two boxes, CONTINUE and CANCEL. I have to click on ONE OF THESE BOXES, otherwise I cannot get out of this screen.

This is very annoying for TWO reasons: One, it is a waste of time. And two, it can be a "turn off" for people logging onto my website BECAUSE it IMPLIES or INFERS that my website has a security risk (it doesn't).

Microsoft asked me to log onto my website, USING Internet Explorer INSTEAD OF Mozilla Firefox - and any other website I could think of which has HTTPS as a prefix in the URL. I did this. And when I did, I DID NOT get the message as worded above. Instead, the log in just proceeds normally WITHOUT the message appearing, and the website comes up on my computer screen.

Microsoft tech representative had me make a change in my computer's controls, i.e., Internet Options. But she told me that would solve only using IE Browser, NOT Firefox. True. She further said I needed to contact Mozilla to get this solved as the PROBLEM exists with MOZILLA.

So, either I get this Mozilla Firefox Security message prevented from coming up EVERY time I log onto a website using HTTPS, OR, I STOP using Firefox and use IE Browser - which I don't really want to do, as up to now I liked the Firefox Browser.

DJ

Thanks for your reply! Sorry, I seem to be getting you even more confused. I will try to clear this up. So let's start over ... whenever I log onto a website (mine or ANY other website) while using Mozilla Firefox Browser as my browser, AND the website has in its URL: HTTPS prefix instead of HTTP prefix - as in: https : mywebsite . com - I get this message: "Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party. Are you sure you want to continue sending this information? This is followed below with two boxes, CONTINUE and CANCEL. I have to click on ONE OF THESE BOXES, otherwise I cannot get out of this screen. This is very annoying for TWO reasons: One, it is a waste of time. And two, it can be a "turn off" for people logging onto my website BECAUSE it IMPLIES or INFERS that my website has a security risk (it doesn't). Microsoft asked me to log onto my website, USING Internet Explorer INSTEAD OF Mozilla Firefox - and any other website I could think of which has HTTPS as a prefix in the URL. I did this. And when I did, I DID NOT get the message as worded above. Instead, the log in just proceeds normally WITHOUT the message appearing, and the website comes up on my computer screen. Microsoft tech representative had me make a change in my computer's controls, i.e., Internet Options. But she told me that would solve only using IE Browser, NOT Firefox. True. She further said I needed to contact Mozilla to get this solved as the PROBLEM exists with MOZILLA. So, either I get this Mozilla Firefox Security message prevented from coming up EVERY time I log onto a website using HTTPS, OR, I STOP using Firefox and use IE Browser - which I don't really want to do, as up to now I liked the Firefox Browser. DJ
cor-el
  • Top 10 Contributor
  • Moderator
17409 個解決方法 157268 個答案

Start Firefox in Safe Mode to check if one of the extensions (Firefox/Tools > Add-ons > Extensions) or if hardware acceleration is causing the problem.

  • Switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance
  • Do NOT click the Reset button on the Safe Mode start window

Create a new profile as a test to check if your current profile is causing the problem.

See "Creating a profile":

If the new profile works then you can transfer files from a previously used profile to the new profile, but be cautious not to copy corrupted files to avoid carrying over problems.


Boot the computer in Windows Safe Mode with network support (press F8 on the boot screen) as a test.

Start Firefox in <u>[[Safe Mode|Safe Mode]]</u> to check if one of the extensions (Firefox/Tools > Add-ons > Extensions) or if hardware acceleration is causing the problem. *Switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance *Do NOT click the Reset button on the Safe Mode start window *https://support.mozilla.org/kb/Safe+Mode *https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes ---- Create a new profile as a test to check if your current profile is causing the problem. See "Creating a profile": *https://support.mozilla.org/kb/profile-manager-create-and-remove-firefox-profiles *http://kb.mozillazine.org/Standard_diagnostic_-_Firefox#Profile_issues If the new profile works then you can transfer files from a previously used profile to the new profile, but be cautious not to copy corrupted files to avoid carrying over problems. *http://kb.mozillazine.org/Transferring_data_to_a_new_profile_-_Firefox ---- Boot the computer in Windows Safe Mode with network support (press F8 on the boot screen) as a test. *http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

提出問題者

Thanks for your response. I tried your first suggestion (Safe Mode), but not the other two. The "safe mode" action did not solve the problem.

I did notice something else: When I log onto a website using HTTPS which has a Green Padlock showing in the address bar, the problem I am experiencing does not occur. Logging onto my website, although HTTPS, does NOT have a Green Padlock but instead a Gray Padlock. Perhaps this is the difference?

Also, logging onto my website - which is a forum website - is a procedure of typing in one's username and password; then pressing the "sign in" button is when the process of actual connection takes place. Since this is a forum website, and it contains data of mixed content, perhaps this is why the Security Message comes up?

If either of the above is true, then it follows, does it not, that the only way of getting around this issue is to apply for a FULL SSL Certificate instead of the Standard SSL Certificate (which I have for my website). And that represents big bucks.

Any comment on this? Anyway, thanks for your help.

DJ

Thanks for your response. I tried your first suggestion (Safe Mode), but not the other two. The "safe mode" action did not solve the problem. I did notice something else: When I log onto a website using HTTPS which has a '''Green Padlock showing in the address bar''', the problem I am experiencing does not occur. Logging onto my website, although HTTPS, does NOT have a Green Padlock but instead a '''Gray Padlock'''. Perhaps this is the difference? Also, logging onto my website - which is a forum website - is a procedure of typing in one's username and password; then pressing the "sign in" button is when the process of actual connection takes place. Since this is a forum website, and it contains data of '''mixed content''', perhaps this is why the Security Message comes up? '''If either of the above is true,''' then it follows, does it not, that the only way of getting around this issue is to apply for a FULL SSL Certificate instead of the Standard SSL Certificate (which I have for my website). And that represents big bucks. Any comment on this? Anyway, thanks for your help. DJ
jscher2000
  • Top 10 Contributor
8632 個解決方法 70600 個答案

Can you give a link to a login page or two where you get this message? I want to check the <form> tag to see whether it submits to a secure or insecure URL. You should only get the message if it's an insecure URL.

The Extended Validation SSL certificate (EVSSL = green lock) isn't necessary to submit from secure-to-secure and avoid the error. But it's possible those sites are a little more careful about their code because they place a premium on being highly trusted.

Can you give a link to a login page or two where you get this message? I want to check the &lt;form> tag to see whether it submits to a secure or insecure URL. You should only get the message if it's an insecure URL. The Extended Validation SSL certificate (EVSSL = green lock) isn't necessary to submit from secure-to-secure and avoid the error. But it's possible those sites are a little more careful about their code because they place a premium on being highly trusted.

提出問題者

Hello, thanks once again for your continued effort in trying to resolve this problem.

Okay, here is the URL for my website/forum: https://eclipse69forum.com Please note that in order to find out whether or not you experience the same problem as I do when logging in, you will need to fill in the boxes in full, then click on "Sign In".

You needn't be concerned about being a "permanent" Member of the forum - as administrator I can delete your Membership - just tell me that is what you wish and give me your chosen log in (Username).

DJ

Hello, thanks once again for your continued effort in trying to resolve this problem. Okay, here is the URL for my website/forum: '''https://eclipse69forum.com ''' '''Please note''' that in order to find out whether or not you experience the same problem as I do when logging in, you will need to '''fill in the boxes in full, then click on "Sign In".''' You needn't be concerned about being a "permanent" Member of the forum - as administrator I can delete your Membership - just tell me that is what you wish and give me your chosen log in (Username). DJ
jscher2000
  • Top 10 Contributor
8632 個解決方法 70600 個答案

選擇的解決方法

Firefox gives that error because the page is on HTTPS but your form action is HTTP:

<form action="http://eclipse69forum.com/index.php?app=core&module=global&section=login&do=process" method="post" id="login">

Can you change that to HTTPS?


Edit: deactivated the link

Firefox gives that error because the page is on HTTPS but your form action is HTTP: &lt;form action="http://eclipse69forum''.''com/index.php?app=core&amp;module=global&amp;section=login&amp;do=process" method="post" id="login"> Can you change that to HTTPS? ''Edit: deactivated the link''

由 jscher2000 於 修改

提出問題者

Thanks for the information!

I will not be able to make the change as you suggested, however I will forward this information to my Tech guy who does all the technical changes for me.

If he can make the change, and that solves the problem, I will post the results here.

DJ

Thanks for the information! I will not be able to make the change as you suggested, however I will forward this information to my Tech guy who does all the technical changes for me. If he can make the change, and that solves the problem, I will post the results here. DJ

提出問題者

The problem has been fixed - my tech guy was able to make the necessary change as you suggested. Log in proceeds now WITHOUT the Security Message regarding encryption (unencryption connection).

This is a huge relief. Thank you jscher2000 for your assistance and help regarding this matter.

DJ

The problem has been fixed - my tech guy was able to make the necessary change as you suggested. Log in proceeds now WITHOUT the Security Message regarding encryption (unencryption connection). This is a huge relief. Thank you jscher2000 for your assistance and help regarding this matter. DJ
redwolfe_98 0 個解決方法 2 個答案

有幫助的回覆

i just want to be able to turn off the stupid warning.. the only time i see it is when i am logged into the MS community forum and then i click on a link, there, for a MSKB article..

IE 6 had a similar warning, when changing from a secure connection to a non-secure connection, and it was easy to disable it, which i always did.. it seems that no one in the universe knows how to disable the warning, in "firefox"..

i just want to be able to turn off the stupid warning.. the only time i see it is when i am logged into the MS community forum and then i click on a link, there, for a MSKB article.. IE 6 had a similar warning, when changing from a secure connection to a non-secure connection, and it was easy to disable it, which i always did.. it seems that no one in the universe knows how to disable the warning, in "firefox"..
jscher2000
  • Top 10 Contributor
8632 個解決方法 70600 個答案

Hi redwolfe_98, sorry, but this is a slightly different error.

As discussed in an earlier thread (How do disable this Warning? Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection), when you are logged in, the link works differently: Microsoft transitions you through https://login.live.com/ (a secure page) that then posts a hidden form to an insecure page (on MSKB).

There is no built-in option to turn off the warning for posting a form from a secure to an insecure page.

A frustrated user of Microsoft sites posted a workaround in the earlier thread, which is to install the Greasemonkey extension and a userscript he wrote. What the script does is change the form on Microsoft intermediate page to post securely. If you encounter this issue frequently, it might be worth a look.

Hi redwolfe_98, sorry, but this is a slightly different error. As discussed in an earlier thread ([https://support.mozilla.org/questions/964250 How do disable this Warning? Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection]), when you are logged in, the link works differently: Microsoft transitions you through https://login.live.com/ (a secure page) that then posts a hidden form to an insecure page (on MSKB). There is no built-in option to turn off the warning for ''posting a form'' from a secure to an insecure page. A frustrated user of Microsoft sites posted a workaround in the earlier thread, which is to install the Greasemonkey extension and a userscript he wrote. What the script does is change the form on Microsoft intermediate page to post securely. If you encounter this issue frequently, it might be worth a look. * Greasemonkey: https://addons.mozilla.org/firefox/addon/greasemonkey/ * Script: http://userscripts-mirror.org/scripts/show/173384 (note: the old userscripts.org site is defunct and this is a copy of its contents as of earlier this year)