noosfero | Recaptcha for anonymous comments does not work behind TLS (#78)
Italo Valcy
gitlab at mg.gitlab.com
Fri Oct 14 11:56:44 BRT 2016
New comment for Issue 78
https://gitlab.com/noosfero/noosfero/issues/78#note_16970641
Author: Italo Valcy
Hello All,
This also happens with the "Forgot Password" function when using Noosfero with SSL/TLS (HTTPS).
As I could debug, this is because noosfero doesn't activate the 'ssl' option for recaptcha_tag helper function, then Firefox, Chrome and modern browsers block the content without SSL inside a SSL page (the error shown on firefox console is: `Blocked loading mixed active content "http://www.google.com/recaptcha/api/js/recaptcha_ajax.js" [Learn More]` https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content)
How to reproduce:
1. Enable SSL/TLS on your noosfero site
2. Try to load any function the uses recaptcha, for instance Forgot Password
See: https://noosfero.ufba.br/account/forgot_password (being fixed soon, so you may not find the bug there later)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20161014/de75b337/attachment.html>
More information about the Noosfero-dev
mailing list