Is there a way to source all the components in the Calendar Report over SSL? If not, what is not secure?

  • Profile Image
    rayj
    Asked on October 17, 2012 at 12:57 PM

    The reporting is GREAT - particularly the calendar.  I am concerned however that the data that comes across after a select a record from a date is not secure.  Is that so?  (I have modified the embed code to include https://jotform... vs. http://jotform...)

     

    Thanks,

    Raymond

     

  • Profile Image
    Deygus
    Answered on October 17, 2012 at 01:21 PM

    Hi, I have noticed that you have already secured your url protocol with https://, however, to fully integrate the SSL you can make your form even more secure by replacing the www. with secure.ifrservices.com..,. You can either add it manually if you have already embedded your form by adding in the ' secure. ' or you can just use the Secure Form checkbox to change the direct url link to use before you embed your form. Please also refer to this link to better understand SSL - http://en.wikipedia.org/wiki/HTTP_Secure

     

    If you have any further questions or need more help please let us know.

  • Profile Image
    rayj
    Answered on October 17, 2012 at 02:50 PM

    Thanks for that info.  I've implemented your suggestion.

    Unfortunately, my problem remains: the JotForm Calendar Report has elements from http connections.  So, the browser asks if the user wants to display unsecure content.  How can I make all the content source from https?

    If I cannot, what elements are being sent through unsecure channels?

  • Profile Image
    rayj
    Answered on October 17, 2012 at 02:51 PM
  • Profile Image
    NeilVicente
    Answered on October 17, 2012 at 03:32 PM

    @rayj

    The calendar report isn't optimized for SSL yet - but you do not need to worry as only the script that is responsible for the calendar's aesthetics is not secure, particularly the jQuery script: http://code.jquery.com/jquery-latest.js

    The report's data are being fetched securely by PHP scripts that are hosted in our secure servers.

    If this is still bothering you, I will forward a ticket to our devs to change it so that jQuery script is securely hosted in our own domain. We can't give an ETA though, but we'll inform you once it gets completed.

  • Profile Image
    rayj
    Answered on October 17, 2012 at 03:37 PM

    @NeilVincente

    Thanks!  That's the information I needed!

    And, yes, I would like you to forward a ticket with that request to your dev team.  The page will be doubted by people concerned with HIPAA.

  • Profile Image
    NeilVicente
    Answered on October 17, 2012 at 04:29 PM


    You're quite welcome. The ticket has already been forwarded.

    Regards