Basically, the prelude to this question can be found here:
Setup:
- Google App Engine 1.3.5 (1274741460)
- Open ID for Authentication
- Firefox 3.6.X
On return from the open-id provider's login-page, Firefox complains:
Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.
Are you sure you want to continue sending this information?
The URL where this happens looks something like:
https://www.google.com/accounts/o8/dc?xsrfsign=BC9jObYAAAAAmMgC0s_0_FmlP6Q0b8ia9Cys1cJNXPCJ
What could be the cause? What could be a solution?
PS. Safari 5 does not complain.
When using ssl for the whole site (eliminating the fact, that information gets passed from a ssl page to a non-ssl page), FF warns about (and subsequently fails to proceed):
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)