The Focus Elf Posted July 20, 2022 Posted July 20, 2022 (edited) First and foremost, we have just upgraded the site from 2.14, and started from scratch with a fresh install of 4.7. We're using it as a corporate intranet so before the forum can be viewed a user needs to login. This presents issue number 1: The Email/Password field is all that is displayed, and placing your cursor in the box in chrome and other browsers yields the following: "This form is not secure. Autofill has been turned off." No problem necessarily, though I would like my folks using this site to be able to save their credentials if they choose, so we just type our credentials in there and click sign-in. This brings us to the next "stop", where a message greets me with: The information you’re about to submit is not secure Because this form is being submitted using a connection that’s not secure, your information will be visible to others. Ok, so an option below is Send Anyway, I do and I am in. For me this is fine, but for other users, I am hearing reports of being returned to the blank sign in page. I can't quite figure it out. It may be Safari related (I have replicated this issue on a 2019 iPad Pro), but with so many of the users logging in via iPhone, tablet or mac, the site not working in Safari isn't an option. Do we need an SSL? If so, is there a way I can register the SSL inside of IPS? Any help would be appreciated. EDIT: Let me also add that I did search the board first, so please accept this "new user's" apology if there is a thread on this somewhere here and I am simply describing it with a different language. This post was NOT created out of laziness or an unwillingness to search/exhaust the problem elsewhere. Edited July 20, 2022 by Scott Hinds1 Update title to be more descriptive of the issue.
Solution Jim M Posted July 20, 2022 Solution Posted July 20, 2022 This is the browser coming back to you with this information because you are not running the site (I presume) with an SSL certificate and over HTTPS. The web has switched to being a security concise place so browsers will now warn you if you are on an HTTP website and submitting forms with sensitive information, such as login credentials. You would need to get with your hosting provider/server administrator and add an SSL certificate to the server. Then follow the instructions below to ensure your community is running over HTTPS: The Focus Elf and SeNioR- 1 1
The Focus Elf Posted July 20, 2022 Author Posted July 20, 2022 5 minutes ago, Jim M said: This is the browser coming back to you with this information because you are not running the site (I presume) with an SSL certificate and over HTTPS. The web has switched to being a security concise place so browsers will now warn you if you are on an HTTP website and submitting forms with sensitive information, such as login credentials. You would need to get with your hosting provider/server administrator and add an SSL certificate to the server. Then follow the instructions below to ensure your community is running over HTTPS: Jim, thanks for the quick reply. Do you feel that this might help with the unresolvable login issues some of our users are experiencing? Thank you! I reached out to our webhost as we are running this site on a subdomain intranet.webdomain.com - as an example. I suspect if we are using an SSL cert at webdomain.com we can have it cover the subdomain as well.
Jim M Posted July 20, 2022 Posted July 20, 2022 A completely blank white page is often the sign of a suppressed PHP or server error. You would want to consult your server error logs on your server for more information here. However, simply guessing here, if you are guided by an intranet (i.e. VPN or network), it could also be these users don't have access to your sub-domain and are getting a default page. This, unfortunately, would be up to yourself to diagnose as that would be a network issue. If you are unsure how, you will want to work with your hosting provider on these items.
The Focus Elf Posted August 1, 2022 Author Posted August 1, 2022 (edited) Ok @Jim M, again thank you for the replies and the help so far. I have verified the SSL cert is alive and well - but I am still receiving these messages. This is not a "true" intranet, VPN, or otherwise, but a restricted subdomain. It can be accessed from anywhere. Also, on your SSL walkthrough above, I am not showing the same areas/menu options to navigate to these settings. Edited August 1, 2022 by The Focus Elf
Marc Posted August 1, 2022 Posted August 1, 2022 You would see these on all installations. You need to edit your conf_global.php file and change the URL to use https instead of http.
Recommended Posts