Cause of Google App Engine's security warning while using Open ID (e.g. in Firefox)?

Basically, the prelude to this question can be found here:

https://groups.google.com/group/google-appengine/browse_thread/thread/d8bc09d56626e82a/7ed967150c9ce025

Setup:

Google App Engine 1.3.5 (1274741460)
Open ID for Authentication
Firefox 3.6.X

On return from the open-id provider's login-page, Firefox complains:

Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.

Are you sure you want to continue sending this information?

The URL where this happens looks something like:

https://www.google.com/accounts/o8/dc?xsrfsign=BC9jObYAAAAAmMgC0s_0_FmlP6Q0b8ia9Cys1cJNXPCJ

What could be the cause? What could be a solution?

PS. Safari 5 does not complain.

When using ssl for the whole site (eliminating the fact, that information gets passed from a ssl page to a non-ssl page), FF warns about (and subsequently fails to proceed):

SSL received a record that exceeded the maximum permissible length.

(Error code: ssl_error_rx_record_too_long)

I understand. But should the error fade away, if my appengine app run completely https://? If so, it's still broken. I edited my question and included the error message.

The MYYN 2010-08-12 14:24:56

I don't know anything about Google App Engine specifically, or the internal workings of FF. But from your description it seems if you have a non-ssl form on your page you'll get the warning, and if you don't, you send data that is too large. Seems like it is up to you to resolve in some fashion. Sorry I can't be more helpful.

Noon Silk 2010-08-12 21:14:16

Thank you, anyway!

The MYYN 2010-08-13 16:27:01

ansaurus

tags:

views:

answers:

Cause of Google App Engine's security warning while using Open ID (e.g. in Firefox)?

related questions