views:

47

answers:

1

Basically, the prelude to this question can be found here:

Setup:

  • Google App Engine 1.3.5 (1274741460)
  • Open ID for Authentication
  • Firefox 3.6.X

On return from the open-id provider's login-page, Firefox complains:

Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.

Are you sure you want to continue sending this information?

The URL where this happens looks something like:

https://www.google.com/accounts/o8/dc?xsrfsign=BC9jObYAAAAAmMgC0s_0_FmlP6Q0b8ia9Cys1cJNXPCJ

What could be the cause? What could be a solution?

PS. Safari 5 does not complain.


When using ssl for the whole site (eliminating the fact, that information gets passed from a ssl page to a non-ssl page), FF warns about (and subsequently fails to proceed):

SSL received a record that exceeded the maximum permissible length.

(Error code: ssl_error_rx_record_too_long)

A: 

Seems pretty obvious.

Reading the error, and bolding appropriate items:

Although this page is encrypted, the information you have entered is to be sent [...]

So, a form that's on that page is not going to a HTTPS url.

Noon Silk
I understand. But should the error fade away, if my appengine app run completely https://? If so, it's still broken. I edited my question and included the error message.
The MYYN
I don't know anything about Google App Engine specifically, or the internal workings of FF. But from your description it seems if you have a non-ssl form on your page you'll get the warning, and if you don't, you send data that is too large. Seems like it is up to you to resolve in some fashion. Sorry I can't be more helpful.
Noon Silk
Thank you, anyway!
The MYYN