03-20-2017 10:13 AM - edited 03-20-2017 10:17 AM
Until Weebly makes SSL available in the Pro Plans it appears that both Chrome and Firefox will generate a "Security Alert" when using the Weebly "Password Protect" option!!
Users selecting a protected page will see the following when the log-in page loads...
Does any Mod have any update regarding the provision of SSL for Pro Plans?
03-20-2017 12:13 PM
I don't have any update yet, unfortunately. I wasn't aware that our password protection was defaulting to SSL on non-business sites, though. Let me see what I can find out about this, @NJRFTF.
03-20-2017 02:18 PM
Adam - it's not defaulting to SSL - Google Chrome and now Firefox as well are moving to a mores secure web...
"Starting January 2017, Chrome 56 will label HTTP pages with password or credit card form fields as "not secure," given their particularly sensitive nature.
03-20-2017 02:24 PM
Oh, so you changed it to https manually? We're definitely working on changes as a result of Google and other browsers, so I don't expect things to stay as they are now.
03-20-2017 03:17 PM - edited 03-20-2017 03:28 PM
No - I didn't change anything!!
Here's alink to a blank page that I have put a weebly password on - it is on Pro plan and is a regular HTTP page with of course no SSL.
Try opening that page with the latest Firefox and Chrome browsers and you will see the "not secure" warnings - Chrome in the browser bar and Firefox in the log-in box!!
EVERY weebly password protected page on every weebly website (except Business plans that have implimented SSL) will show the "Not Secure" warnings on the latest Chrome and Firefox versions when served as HTTP. The browser is detecting the presence of any form field that is either a password field or Credit Card field and will then display the warning...
Here's the Chrome Console warning
03-21-2017 10:35 AM
Ahh! Check the settings you have in Chrome/FireFox and see if it has something that tells it to always use HTTPS.
03-21-2017 03:11 PM
Adam - this has nothing to do with a "user" option - this is down to the "host" - please read this extract from Google Developers: https://developers.google.com/web/updates/2016/10/avoid-not-secure-warn
To ensure that the Not Secure warning is not displayed for your pages, you must ensure that all forms containing <input type=password> elements and any inputs detected as credit card fields are present only on secure origins. This means that the top-level page must be HTTPS and, if the input is in an iframe, that iframe must also be served over HTTPS.
Warning: It is NOT sufficient to place an HTTPS iframe inside a HTTP page; the top-level page itself must be HTTPS as well.
If your site overlays an HTTPS login frame over HTTP pages...
...you will need to change the site to either use HTTPS for the entire site (ideal) or redirect the browser window to an HTTPS page containing the login form:
03-21-2017 04:30 PM
I updated my version of Chrome and saw what you mean. Chrome is basically saying that the page isn't secure even though it's not even attempting to load over SSL; including a password field on a page is all it takes now.
I'm going to send you a PM about this, @NJRFTF - one moment.
03-21-2017 05:11 PM
Exactly - and they are aiming soon to simply apply the insecure warning to every page served HTTP regardless of content...
Read your PM - thank you very much for the assistance Adam....
03-31-2017 05:00 PM
So glad I checked in and read this!
Am I correct in stating that this WILL affect every page not having SSL? If not, I apologize. I am wondering if this will be taken care of for all Weebly accounts.
@Adam- Can you answer that one for me, please?
Thanks in advance!