X
Thinta lapha ukuze uye kuveshini yamakhalekhukhwini kusayithi.

Isithangami Sabeseki

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

How do disable this Warning? Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection

Kuphostiwe

Going from a secure page back to a non secure page I am constantly getting this warning. I had it disabled in the config page but it has now come back. I dropped IE for Firefox but if I have to put up with this it's Bye Bye Firefox.

Going from a secure page back to a non secure page I am constantly getting this warning. I had it disabled in the config page but it has now come back. I dropped IE for Firefox but if I have to put up with this it's Bye Bye Firefox.

Okulungisiwe ngu the-edmeister

Eminye Imininingwane Yohlelo

Fakela amapulagi

  • Shockwave Flash 11.7 r700
  • Adobe PDF Plug-In For Firefox and Netscape "9.5.4"
  • 5.1.20125.0
  • NVIDIA 3D Vision plugin for Mozilla browsers
  • NVIDIA 3D Vision Streaming plugin for Mozilla browsers
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
  • iTunes Detector Plug-in
  • VLC media player Web Plugin 2.0.2
  • Foxit Reader Plug-In For Firefox and Netscape
  • GEPlugin
  • NPWLPG
  • Adobe PDF Plug-In For Firefox and Netscape 10.1.1

Isisebenziso

  • I-ejenti Engumsebenzisi: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0

Eminye Imininingwane

Amit Kumar Thakur
  • Locale Leader
70 izisombululo 859 izimpendulo
Kuphostiwe

This is the PostToInsecureFromSecureMessage: "Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party"

The "PostToInsecureFromSecureMessage" warning can't be suppressed, it is too important. You will get that warning if you go from a secure https connection to an insecure http connection and POST data entered in a form on a secure site is send to an http server.

The warning tells you that you are sending data from a secure site to a non secure http url. You can usually avoid such an alert if you directly go to the login page and not via a link on the http home page that has a redirect back to that page once you have logged on via a secure https connection.

This is the PostToInsecureFromSecureMessage: "Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party" The "PostToInsecureFromSecureMessage" warning can't be suppressed, it is too important. You will get that warning if you go from a secure https connection to an insecure http connection and POST data entered in a form on a secure site is send to an http server. The warning tells you that you are sending data from a secure site to a non secure http url. You can usually avoid such an alert if you directly go to the login page and not via a link on the http home page that has a redirect back to that page once you have logged on via a secure https connection.
cor-el
  • Top 10 Contributor
  • Moderator
17421 izisombululo 157393 izimpendulo
Kuphostiwe

See also [/questions/962465]

See also [[/questions/962465]]

Umnikazi wombuzo

Not much help are you?

Not much help are you?
cor-el
  • Top 10 Contributor
  • Moderator
17421 izisombululo 157393 izimpendulo
Kuphostiwe

It is a problem with the server setup and Firefox or you can't do much to avoid this.

You have entered data while using as secure https connection and the server redirects to a web site that has a normal http: protocol, so Firefox informs you about this.
It is up to you to decide how to proceed and you can choose to contact the website to inform them about this and aks them to correct this by using a secure connection in all cases.

You may also be able to avoid this by first signing in and then go to other pages on the server that may not be encrypted. Only if you let the server redirect you you will get this notification.

It is a problem with the server setup and Firefox or you can't do much to avoid this. You have entered data while using as secure https connection and the server redirects to a web site that has a normal http: protocol, so Firefox informs you about this.<br /> It is up to you to decide how to proceed and you can choose to contact the website to inform them about this and aks them to correct this by using a secure connection in all cases. You may also be able to avoid this by first signing in and then go to other pages on the server that may not be encrypted. Only if you let the server redirect you you will get this notification.
thx1200 0 izisombululo 5 izimpendulo
Kuphostiwe

Impendulo Ewusizo

It is simply unrealistic for Mozzila to expect huge multinational corporations to change the way their site works. The fact is that many logons to many websites are not important enough to warrant this warning. I simply don't care if my session to MSDN forums is hijacked, yet I have to deal with this warning every single time I go to a MS site. It's been this way, as far as I can tell, going back to 2006 and nothing has changed.

Please add a way to disable, or at least, whitelist sites out of this warning. It doesn't have to be an exposed setting. You can bookend it with as many "this is a bad idea" warning messages as you want.

This is seriously pissing off users for absolutely no reason other than Mozilla taking a presumed "high road" to security. The problem is that if you warn too much, people stop paying attention, and this is FAR WORSE than allowing them to ignore this message on sites that behave badly from a security perspective for which the end user *doesn't care*.

It is simply unrealistic for Mozzila to expect huge multinational corporations to change the way their site works. The fact is that many logons to many websites are not important enough to warrant this warning. I simply don't care if my session to MSDN forums is hijacked, yet I have to deal with this warning every single time I go to a MS site. It's been this way, as far as I can tell, going back to 2006 and nothing has changed. Please add a way to disable, or at least, whitelist sites out of this warning. It doesn't have to be an exposed setting. You can bookend it with as many "this is a bad idea" warning messages as you want. This is seriously pissing off users for absolutely no reason other than Mozilla taking a presumed "high road" to security. The problem is that if you warn too much, people stop paying attention, and this is FAR WORSE than allowing them to ignore this message on sites that behave badly from a security perspective for which the end user *doesn't care*.

Impendulo Ewusizo

Mozzila, I don't think you really understand how often this warning comes up. I have already logged in to the secure site and have conducted & concluded my business, but I get this warning when I leave the secure site to continue on. Very Very Annoying. Even with Microsoft IE I do get this pain in the ass. What is wrong with you that you keep sprouting this drivel? You have many complaints that this is unacceptable and unnecessary. Its an easy fix so just make it happen and stop making excuses.

Mozzila, I don't think you really understand how often this warning comes up. I have already logged in to the secure site and have conducted & concluded my business, but I get this warning when I leave the secure site to continue on. Very Very Annoying. Even with Microsoft IE I do get this pain in the ass. What is wrong with you that you keep sprouting this drivel? You have many complaints that this is unacceptable and unnecessary. Its an easy fix so just make it happen and stop making excuses.
thx1200 0 izisombululo 5 izimpendulo
Kuphostiwe

So I decided to see if there was a way to work around this using Greasemonkey and I did figure it out for Microsoft sites. I uploaded the script here: http://userscripts.org/scripts/show/173384

Basically it looks for the insecure connection in form submissions when going through the "live.com" authentication process and then changes http to https.

This method should be able to be adapted for other sites where the warning appears.

So I decided to see if there was a way to work around this using Greasemonkey and I did figure it out for Microsoft sites. I uploaded the script here: http://userscripts.org/scripts/show/173384 Basically it looks for the insecure connection in form submissions when going through the "live.com" authentication process and then changes http to https. This method should be able to be adapted for other sites where the warning appears.
jscher2000
  • Top 10 Contributor
8638 izisombululo 70669 izimpendulo
Kuphostiwe

Hi outaluck, you said this comes up often, but you should not get this message when you navigate from a secure site to an insecure site using a link or using a GET request, only when a POST is submitted from a secure site to an insecure site. Is that really a common scenario?

Are there particular sites you use regularly that have this problem and, if so, can you give a URL or two?

Hi outaluck, you said this comes up often, but you should not get this message when you navigate from a secure site to an insecure site using a link or using a GET request, only when a POST is submitted from a secure site to an insecure site. Is that really a common scenario? Are there particular sites you use regularly that have this problem and, if so, can you give a URL or two?
thx1200 0 izisombululo 5 izimpendulo
Kuphostiwe

@jscher2000 - Speaking for myself and trying not to totally hijack this thread... Log into a Microsoft site using a Microsoft ID. For example, MSDN or TechNet forums. If you don't get a warning at that time, Google for any Microsoft KB, or tech support topic (easiest search). Click on the link. It will bounce briefly over to live.com to verify your account. When it does this, the warning appears. This is for *every* microsoft page found via Google (or Bing) that requires a logon. I got the warning 20-30 times per day in normal usage until I made that Greasemonkey script.

EDIT: I should point out that in this particular case, what is happening behind the scenes is that a page is rendered out with a form and then javascript is submitting the form, so that's how it ends up being a POST and not a regular redirection. Why it was designed this way, I have no idea, but it's Microsoft, so it's probably better not to ask.

I've seen it on other pages, but I can't think of them offhand because it was just random sites I found on google. Hopefully outaluck can give you more examples. But I really think the hundreds of thousands of pages on Microsoft alone should be sufficient to address this. It's not like that's an obscure blog or something.

Internet Explorer has always had the option to disable this warning on a zone. What I would do, in this case, is disable that warning on the Trusted Zone and if I ran into this issue on a site I trusted, I added it to the Trusted Zone. Firefox could implement something similar where you have basically a whitelist of sites in some settings in about:config that ignore this warning for those sites only. That way the security warning is enabled across the board unless a specific site is annoying you and you don't care.

If you need the example to be specific, here you go.

1. Go to http://social.technet.microsoft.com/Forums/systemcenter/en-US/fe0b74d7-0f27-4124-a8f6-c2b8918f793f/sccm-2007-r2-policy-table-large-and-growing-fast

2. Log in (upper-right corner)

3. Google for kb2808679

4. Click on the link and the warning appears after the redirects.

@jscher2000 - Speaking for myself and trying not to totally hijack this thread... Log into a Microsoft site using a Microsoft ID. For example, MSDN or TechNet forums. If you don't get a warning at that time, Google for any Microsoft KB, or tech support topic (easiest search). Click on the link. It will bounce briefly over to live.com to verify your account. When it does this, the warning appears. This is for *every* microsoft page found via Google (or Bing) that requires a logon. I got the warning 20-30 times per day in normal usage until I made that Greasemonkey script. EDIT: I should point out that in this particular case, what is happening behind the scenes is that a page is rendered out with a form and then javascript is submitting the form, so that's how it ends up being a POST and not a regular redirection. Why it was designed this way, I have no idea, but it's Microsoft, so it's probably better not to ask. I've seen it on other pages, but I can't think of them offhand because it was just random sites I found on google. Hopefully outaluck can give you more examples. But I really think the hundreds of thousands of pages on Microsoft alone should be sufficient to address this. It's not like that's an obscure blog or something. Internet Explorer has always had the option to disable this warning on a zone. What I would do, in this case, is disable that warning on the Trusted Zone and if I ran into this issue on a site I trusted, I added it to the Trusted Zone. Firefox could implement something similar where you have basically a whitelist of sites in some settings in about:config that ignore this warning for those sites only. That way the security warning is enabled across the board unless a specific site is annoying you and you don't care. If you need the example to be specific, here you go. 1. Go to http://social.technet.microsoft.com/Forums/systemcenter/en-US/fe0b74d7-0f27-4124-a8f6-c2b8918f793f/sccm-2007-r2-policy-table-large-and-growing-fast 2. Log in (upper-right corner) 3. Google for kb2808679 4. Click on the link and the warning appears after the redirects.

Okulungisiwe ngu thx1200

jscher2000
  • Top 10 Contributor
8638 izisombululo 70669 izimpendulo
Kuphostiwe

Hi thx1200, thank you for that example. Microsoft seems to be doing something special with MSKB for logged-in users related to translations, which generates the annoying dialogs. Definitely makes you want to log out of your Microsoft account.

I think a per-site permission is a good idea. Perhaps it is the pair of sites, the from and to, that you would approve. The CheckPost() function which detects secure-to-insecure posts knows both the URL on which the form is hosted and the URL of the destination, so that should be possible. Not that I have any idea how it would actually be done in code.

Hi thx1200, thank you for that example. Microsoft seems to be doing something special with MSKB for logged-in users related to translations, which generates the annoying dialogs. Definitely makes you want to log out of your Microsoft account. I think a per-site permission is a good idea. Perhaps it is the pair of sites, the from and to, that you would approve. The CheckPost() function which detects secure-to-insecure posts knows both the URL on which the form is hosted and the URL of the destination, so that should be possible. Not that I have any idea how it would actually be done in code.
Misuko 0 izisombululo 1 izimpendulo
Kuphostiwe

Mozilla folks.. i started having this problem just recently after installing Firefox 22, the worst update you have ever released. This warning appears constantly regardless of how I get to webpage. I have read all the articles on this issue and it seems the best reply you can offer is something along the lines of 'put up with it because it's for your own protection.' Please, don't patronize us. You have really messed up badly with Firefox 22 yet you don't seem to be willing to own up to it. I came to the Support page looking for help with this issue, among other issues that started right after Installing stupid Firefox 22, but all I read is a bunch of BS excuses and no solutions. Many of us don't have to time or care to be tweaking and retweaking this or that every time you come up with a new idea you 'think' we will love.You have made me waste precious hours fixing all the problems you cause with your irresponsible attitude. And now you are venturing into the mobile phone business, yet you can't get release regular updates without creating havoc with our settings. I certainly would discourage anyone from even checking out your new services. I don't know what has happened at your end but you have certainly changed and it's not for the better. I'm, about to ditch Firefox altogether, not that you seem to care one way or the other. I tend to be a loyal customer but I'm sorry to say you have lost my trust and you are not doing anything to regain it. Please reconsider your self-serving replies, eat some humble pie and start to come up with solutions to the problems you have caused us before it's too late to recover your prestige. Thank you.

Mozilla folks.. i started having this problem just recently after installing Firefox 22, the worst update you have ever released. This warning appears constantly regardless of how I get to webpage. I have read all the articles on this issue and it seems the best reply you can offer is something along the lines of 'put up with it because it's for your own protection.' Please, don't patronize us. You have really messed up badly with Firefox 22 yet you don't seem to be willing to own up to it. I came to the Support page looking for help with this issue, among other issues that started right after Installing stupid Firefox 22, but all I read is a bunch of BS excuses and no solutions. Many of us don't have to time or care to be tweaking and retweaking this or that every time you come up with a new idea you 'think' we will love.You have made me waste precious hours fixing all the problems you cause with your irresponsible attitude. And now you are venturing into the mobile phone business, yet you can't get release regular updates without creating havoc with our settings. I certainly would discourage anyone from even checking out your new services. I don't know what has happened at your end but you have certainly changed and it's not for the better. I'm, about to ditch Firefox altogether, not that you seem to care one way or the other. I tend to be a loyal customer but I'm sorry to say you have lost my trust and you are not doing anything to regain it. Please reconsider your self-serving replies, eat some humble pie and start to come up with solutions to the problems you have caused us before it's too late to recover your prestige. Thank you.
jscher2000
  • Top 10 Contributor
8638 izisombululo 70669 izimpendulo
Kuphostiwe

Hi Misuko, unfortunately as you know there is no configuration option for this issue.

Is there a particular site that torments you, like the above example of MSKB for logged in users? We might be able to assist with a workaround.

There are support volunteers here, not Firefox developers or UI designers, so workarounds are what we can offer. You also can make your voice heard using

Help > Submit Feedback

Hi Misuko, unfortunately as you know there is no configuration option for this issue. Is there a particular site that torments you, like the above example of MSKB for logged in users? We might be able to assist with a workaround. There are support volunteers here, not Firefox developers or UI designers, so workarounds are what we can offer. You also can make your voice heard using Help > Submit Feedback
SecurityWarningStress 0 izisombululo 2 izimpendulo
Kuphostiwe

Hello, yes, this is total BS. I cannot express my annoyance enough.

While I know nothing much about details about computers, I suspect it has something to do with government having access to information as to what we are looking at (or something??). This way it is protected by saying that a warning that accessing an undsecured site was issued.

Or something like.. I'm busy doing other things so I haven't entirely worked out the link, but it's SUSS - I mean, what the hell is this?? I 'm doing research here and every google page I go to - which should be around 100 a day - I'm getting one, sometimes 2 frueaking annoying alerts that I have to attend to - as well as a "ding" noise to go with it. WTF Firefox?

No, I haven't downloaded or updated it recently. I rarely accept updates too, so how the hell has this come about?

I don't care what the reason, just get rid of it (are you serious??). Forget it I'll use another browser.

BS.

Hello, yes, this is total BS. I cannot express my annoyance enough. While I know nothing much about details about computers, I suspect it has something to do with government having access to information as to what we are looking at (or something??). This way it is protected by saying that a warning that accessing an undsecured site was issued. Or something like.. I'm busy doing other things so I haven't entirely worked out the link, but it's SUSS - I mean, what the hell is this?? I 'm doing research here and every google page I go to - which should be around 100 a day - I'm getting one, sometimes 2 frueaking annoying alerts that I have to attend to - as well as a "ding" noise to go with it. WTF Firefox? No, I haven't downloaded or updated it recently. I rarely accept updates too, so how the hell has this come about? I don't care what the reason, just get rid of it (are you serious??). Forget it I'll use another browser. BS.
jscher2000
  • Top 10 Contributor
8638 izisombululo 70669 izimpendulo
Kuphostiwe

Hi SecurityWarningStress, if you see it again, this might be a useful clue:

I'm busy doing other things so I haven't entirely worked out the link, but it's SUSS - I mean, what the hell is this??

Also, following links from Google should not POST data to sites, so you should not get the error mentioned in this thread. Well, it depends on the sites you're visiting. In the Microsoft example above, if you are logged in to your Microsoft account, a hidden form might be submitted along the way. (The difference between a GET request and POST request is that a GET loads a URL and a POST submits a form.)

If you don't want to update Firefox, you should run an updated version of a different browser for security reasons.

Hi SecurityWarningStress, if you see it again, this might be a useful clue: ''I'm busy doing other things so I haven't entirely worked out the link, but it's SUSS - I mean, what the hell is this??'' Also, following links from Google should not POST data to sites, so you should not get the error mentioned in this thread. Well, it depends on the sites you're visiting. In the Microsoft example above, if you are logged in to your Microsoft account, a hidden form might be submitted along the way. (The difference between a GET request and POST request is that a GET loads a URL and a POST submits a form.) If you don't want to update Firefox, you should run an updated version of a different browser for security reasons.
SecurityWarningStress 0 izisombululo 2 izimpendulo
Kuphostiwe

Hi,

perhaps it's a google thing.. it happens many times over, including in the one browsing session(!) just when I'm googling.

I've changed search engine and it's ok now.

Being spied on sucks.
Hi, perhaps it's a google thing.. it happens many times over, including in the one browsing session(!) just when I'm googling. I've changed search engine and it's ok now. Being spied on sucks.
procan 0 izisombululo 1 izimpendulo
Kuphostiwe

Requiring GET parameter to avoid this problem sounds quite like somebody is not understanding the basics of SAML2.0 which allows only artifact or POST. For example Google uses POST so this has to be solved in a different way than just asking to use GET. Probably the issue with MS is the same, don't really know what's behind the scenes there, though.

Many organizations use the same SAML2.0 IdP for internal and external authentication so the IdP server has to be SSL protected where as many feel that they don't want/need to enable SSL for internal applications and thus run into this problem.

Just make it configurable.

Requiring GET parameter to avoid this problem sounds quite like somebody is not understanding the basics of SAML2.0 which allows only artifact or POST. For example Google uses POST so this has to be solved in a different way than just asking to use GET. Probably the issue with MS is the same, don't really know what's behind the scenes there, though. Many organizations use the same SAML2.0 IdP for internal and external authentication so the IdP server has to be SSL protected where as many feel that they don't want/need to enable SSL for internal applications and thus run into this problem. Just make it configurable.
Xircal 334 izisombululo 3835 izimpendulo
Kuphostiwe

The problem is a simple one and easily solved.

What's happening is that the user is logged into a secure site somewhere and has checkmarked the option to "Stay signed in". This means that even when you exit Firefox, you remain signed into to the secure server wherever that may be.

Now then, when you visit a site somewhere which isn't secure, that is to say, is prefixed with http:// instead of https:// and that site is related in some way to the one you opted to remain signed in with, the warning dialog appears to advise you that the information you have entered is to be sent over an "unencrypted connection and could easily be read by a third party etc."

To prevent the warning from appearing, log out of the site where you opted to remain signed in. It's that simple.

Here's an example which you can try to prove it to yourself. This assumes you have a Hotmail account.

Go to Hotmail, log in and checkmark the option to stay signed in. Close Hotmail, but don't log out.

Next, go to any Microsoft knowledge base article such as this one: http://support.microsoft.com/kb/2908279/en-gb

Firefox will display the dialog box because you're logged into Hotmail which is a secure site while the KB site is unsecured.

Top right of the KB site, you'll see your login details together with the option to log out. Logout and then reload the KB link. I guarantee you won't see the warning dialog because you're no longer logged in to the secure hotmail site.

Hope this helps.

The problem is a simple one and easily solved. What's happening is that the user is logged into a secure site somewhere and has checkmarked the option to "Stay signed in". This means that even when you exit Firefox, you remain signed into to the secure server wherever that may be. Now then, when you visit a site somewhere which isn't secure, that is to say, is prefixed with http:// instead of https:// and that site is related in some way to the one you opted to remain signed in with, the warning dialog appears to advise you that the information you have entered is to be sent over an "unencrypted connection and could easily be read by a third party etc." To prevent the warning from appearing, log out of the site where you opted to remain signed in. It's that simple. Here's an example which you can try to prove it to yourself. This assumes you have a Hotmail account. Go to Hotmail, log in and checkmark the option to stay signed in. Close Hotmail, but don't log out. Next, go to any Microsoft knowledge base article such as this one: http://support.microsoft.com/kb/2908279/en-gb Firefox will display the dialog box because you're logged into Hotmail which is a secure site while the KB site is unsecured. Top right of the KB site, you'll see your login details together with the option to log out. Logout and then reload the KB link. I guarantee you won't see the warning dialog because you're no longer logged in to the secure hotmail site. Hope this helps.
NVSteve 0 izisombululo 16 izimpendulo
Kuphostiwe

I get this message twice every time I try to access a microsoft.com page from a link. I am not intentionally "posting" anything. I guess I'll have to move to Chrome ;-(

I get this message twice every time I try to access a microsoft.com page from a link. I am not intentionally "posting" anything. I guess I'll have to move to Chrome ;-(
NVSteve 0 izisombululo 16 izimpendulo
Kuphostiwe

But to use Microsoft Answers you have to be logged in, then clicking on any link to a KB article I get 2 security messages. Why can't this be turned off?

But to use Microsoft Answers you have to be logged in, then clicking on any link to a KB article I get 2 security messages. Why can't this be turned off?
NVSteve 0 izisombululo 16 izimpendulo
Kuphostiwe

No I have not entered data. No I have not entered data. No I have not entered data. No I have not entered data.

It happens twice when clicking on a link to any Microsoft KB page.

No I have not entered data. No I have not entered data. No I have not entered data. No I have not entered data. It happens twice when clicking on a link to any Microsoft KB page.