What is JotForm?
JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.
At JotForm, we want to make sure that you’re getting the online form builder help that you need. Our friendly customer support team is available 24/7.
We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.
JotForm with Stripe embedded in SquarespaceAsked by gardel on January 19, 2015 at 02:09 PM
I'm managing registrations for a youth sports organization using JotForm forms embedded in a SquareSpace web site. I have added Stripe payments and have embedded the form as a "secure form" using iFrames. It works very well. I do have a couple of questions though:
The page on Squarespace opens in http, not https. To the end user who pays attention, it looks like the transaction is being made over an unsecured connection. The lock icon does not appear in the URL bar in the browser.
Is the transaction secure even though the web page it is embedded on is not? What do others do with this kind of set up?
You are correct about the page not offering the same level of protection as shown with the icon. The iframe however is secure on its own, so all data sent through it will be safe and in its own channel, there are however many other ways that could make it insecure and if implemented as such are against some standards and safety regulations.
Having that said many people and stores are still embedding their stores in such way.
I would recommend that you upgrade your website to HTTPS if possible, or link to the jotform instead if the HTTPS option on your website is not an option at this time.
Doing a quick search on security related website I found this link that might explain things in a bit more details: http://security.stackexchange.com/questions/38317/specific-risks-of-embedding-an-https-iframe-in-an-http-page
Do let us know if you have any further questions.