ComponentSpace

Forums



requested an insecure form action - Chrome


requested an insecure form action - Chrome

Author
Message
CodeWarriorMalo
CodeWarriorMalo
New Member
New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)

Group: Forum Members
Posts: 1, Visits: 12
I am experiencing an issue with Chrome only.  A partner is using an IFRAME to hit our SSO endpoint.  When this happens, the IFRAME's content becomes:

<form method="post" action="https://qa-courseplayer.educatored.com/plplogin/samlacs">
 <input type="hidden" name="SAMLResponse" value="[Valid Data Is Here]">
 <input type="hidden" name="RelayState" value="https://qa-courseplayer.educatored.com/plplogin/CourseRedirect?courseId=114740">
 <input type="submit" value="Submit">
</form>
NOTE: I have removed the SAML Response Value, but it is a valid response.
Then, chrome generates the following error:
send?sp=KDS-QA&SAMLRequest=[Valid Request Data]=https%3A%2F%2Fqa-courseplayer.educatored.com%2Fplplogin%2FCourseRedirect%3FcourseId%3D114740:1 Mixed Content: The page at 'https://test.pepperpd.com/courses/PCGEducation/KDS1002/S2019/courseware/5b1cad121de741da9c4d38c442cfd76c/5d4b95a661d04e98ae9c340e05b89596/' was loaded over HTTPS, but requested an insecure form action 'http://qa-courseplayer.educatored.com/PlpLogin/Login?ReturnUrl=%2Fplplogin%2FCourseRedirect%3FcourseId%3D114740'. This request has been blocked; the content must be served over HTTPS.

I cannot figure out where the unsecured version of the login request is coming from.  To be sure, it is not in the code-base as I've searched it, and I do not see it in the host application's code when I inspect the code that I can see.

Any suggestions are welcomed.

Thanks!
CWM
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)

Group: Administrators
Posts: 2.9K, Visits: 9.4K
I'm not sure. I suggest using Chrome browser developer tools (F12) to capture the network traffic to see what's happening. Let me know what you find.

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 3 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Social Logins

Select a Forum....









Forums, Documentation & Knowledge Base - ComponentSpace


Search