Web Page security with embedded form

  • hartmutgunther
    Asked on July 24, 2014 at 11:38 PM

    Hi

    All going well other than this...

    Our website under development is 

    https://toxno.com.au

    The site has an SSL certificate. When viewed in chrome, firefox and safari all is good until you get to the page that hosts the secure jot form.

    I have 2 images embedded in the form but they also refer to https urls on the website

    https://toxno.com.au/assess.html

    the message (and icon) that comes up in chrome and firefox is

    " Your connection to toxno.com.au is encrypted with 128-bit encryption. However, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the look of the page.

    The connection uses TLS 1.2.

    The connection is encrypted and authenticated using AES_128_GCM and uses ECDHE_RSA as the key exchange mechanism."

    ALL other pages on site don't get this message.

     

    Any suggestions ??

     

    This would obviously put security conscious people off.

     

    thanks in advance - Hartmut

     

    Page URL: https://toxno.com.au/assess.html
  • jedcadorna
    Replied on July 25, 2014 at 6:33 AM

    I think this happens because of mixed content loaded in your website which some loads HTTPS and some loads HTTP. I've seen few error in your page that some are loaded unsecurely.

    As you can see in this screenshot that some are not loaded on HTTPS and this is causing the issue.

    Web Page security with embedded form Image 1 Screenshot 20

    You'll most likely get this warning since some images from Jotform are loaded unsecured. The only solution to that is to have all scripts and images on HTTPS.

  • hartmutgunther
    Replied on July 25, 2014 at 6:41 AM

    Thanks a lot jedcadorna.

    I should be able to take care of most of this except the last one - I don't understand

    what  is shots.jotform...elton/radio_flat.png

    and how would I make this https

     

    thanks

  • jedcadorna
    Replied on July 25, 2014 at 6:49 AM

    That's from our server. He's one of our team members. I think the widget that you were using was loaded from he's ftp account and I'm not sure if that can be replaced as HTTPS. I think all of our ftp accounts are on HTTP so most likely error will be coming from that png file.

  • hartmutgunther
    Replied on July 25, 2014 at 6:52 AM

    Thanks, but what can I do about it? Where am I using it on the form. The only Widget I use is the Form Calculation Widget.

     

    thanks

     

  • jedcadorna
    Replied on July 25, 2014 at 7:20 AM

    I have cloned your form and I found the image is in your CSS settings. You can download the image and load it into your server to make it secure then give us the URL and we'll update your form image URL.

    Web Page security with embedded form Image 1 Screenshot 30

    Download it in this URL https://shots.jotform.com/elton/radio_flat.png then upload it into your server.

    Web Page security with embedded form Image 2 Screenshot 41

  • hartmutgunther
    Replied on July 25, 2014 at 7:43 AM

    Thanks. That code is actually in my injected CSS

    Why can't i just do as you say - download the image and but then change the injected CSS.

    That should than eliminates the need for ":  then give us the URL and we'll update your form image URL."

     

    what do you think jedcadorna 

  • jedcadorna
    Replied on July 25, 2014 at 7:59 AM

    Of course, you can do that on your end what I meant was if you happen to load it on your server and you need me to update your CSS I'll be glad to help, but if you can manage to do it on your end I'll just be waiting for your response and we'll see if it somehow changes the error that you are getting on your page.

  • hartmutgunther
    Replied on July 25, 2014 at 8:07 AM

    Thanks so much.

     

    Will keep you posted  jedcadorna

     

    Hartmut