Cause of Google App Engine's security warning while using Open ID (e.g. in Firefox)?
Basically, the prelude to this question can be found here:
- https://groups.google.com/group/google-appengine/browse_thread/thread/d8bc09d56626e82a/7ed开发者_如何学Go967150c9ce025
Setup:
- Google App Engine 1.3.5 (1274741460)
- Open ID for Authentication
- Firefox 3.6.X
On return from the open-id provider's login-page, Firefox complains:
Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.
Are you sure you want to continue sending this information?
The URL where this happens looks something like:
https://www.google.com/accounts/o8/dc?xsrfsign=BC9jObYAAAAAmMgC0s_0_FmlP6Q0b8ia9Cys1cJNXPCJ
What could be the cause? What could be a solution?
PS. Safari 5 does not complain.
When using ssl for the whole site (eliminating the fact, that information gets passed from a ssl page to a non-ssl page), FF warns about (and subsequently fails to proceed):
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
Seems pretty obvious.
Reading the error, and bolding appropriate items:
Although this page is encrypted, the information you have entered is to be sent [...]
So, a form that's on that page is not going to a HTTPS url.
精彩评论