views:

1380

answers:

3

Hi,

I'm writing a Greasemonkey script to connect two company-internal webpages. One is SSL, and the other is insecure and can only be accessed via a POST request. If I create a hidden form on the secure page and submit it via an onclick() in an <a>, it works fine, but FF gives a warning:

Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.

Are you sure you want to continue sending this information?"

The insecure page can't be accessed via SSL and the other one can't be accessed w/o it, and I can't modify either server =\ Is there any way to avoid this warning by doing some kind of JavaScript/Greasemonkey redirect magic? Thanks!

EDIT: The warning can't be disabled (for rather good reasons, since it's hard to tell if what you're about to send is secure, otherwise). I'm mostly wondering if there's a way to POST in JavaScript without looking like you're submitting a form.

A: 

That's a browser configuration setting, which can't (or shouldn't) be changable by Javascript.

Unless the script needs to be used by more than one user, Tools -> Options -> Security. You can click on settings to display which warning messages are displayed. Note that this currently affects all sites rather then just your internal system.

Raymond Martineau
+1  A: 

You could set up a new SSL site as a proxy that just passes data back to the insecure site. Or just have all your users turn off that particular security warning. (Sorry FF team, but that's not a terribly useful message to start with.)

Eli
+2  A: 

This may be possible by doing a GM_xmlhttpRequest. e.g.,

GM_xmlhttpRequest({
  method: 'POST',
  url: 'http://your.insecure.site.here',
  onload: function(details) {

      // look in the JavaScript console 
      GM_log(details.responseText);

      /* This function will be called when the page (url) 
      has been loaded. Do whatever you need to do with the remote page here.*/
  }
});

API/more info here: GM_xmlhttpRequest wiki

Athena