开发者

Cause of Google App Engine's security warning while using Open ID (e.g. in Firefox)?

Basically, the prelude to this question can be found here:

  • https://groups.google.com/group/google-appengine/browse_thread/thread/d8bc09d56626e82a/7ed开发者_如何学Go967150c9ce025

Setup:

  • Google App Engine 1.3.5 (1274741460)
  • Open ID for Authentication
  • Firefox 3.6.X

On return from the open-id provider's login-page, Firefox complains:

Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.

Are you sure you want to continue sending this information?

The URL where this happens looks something like:

https://www.google.com/accounts/o8/dc?xsrfsign=BC9jObYAAAAAmMgC0s_0_FmlP6Q0b8ia9Cys1cJNXPCJ

What could be the cause? What could be a solution?

PS. Safari 5 does not complain.


When using ssl for the whole site (eliminating the fact, that information gets passed from a ssl page to a non-ssl page), FF warns about (and subsequently fails to proceed):

SSL received a record that exceeded the maximum permissible length.

(Error code: ssl_error_rx_record_too_long)


Seems pretty obvious.

Reading the error, and bolding appropriate items:

Although this page is encrypted, the information you have entered is to be sent [...]

So, a form that's on that page is not going to a HTTPS url.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜