Jump to content

CHROME insecure message in create_account page

A. Dias

By A. Dias
in General topics

 Share

Recommended Posts

A. Dias Newbie

A. Dias

Posted
Posted (edited)

Hi,

When I create a new account in my 1.7.7.0 store with CHROME version 87.0.4280.88 I get the following warning message:

Quote

The information you’re about to submit is not secure

Because the site is using a connection that’s not completely secure, your information will be visible to others.


This only occurs with CHROME browser: if I use MS EDGE browser, I get no warnings. This problem also occurred in 1.7.6.8 version, so I upgraded to 1.7.7.0  but problem persists.

My website has HTTPS activated with LET'S ECNRYPT SSL certificates, and everything else seems to work fine.

If you want to test this issue, please give it a try in my demo store:

https://m4b.consulting/demo

Any clue on how to solve this?

Is there any PS log where I can analyze possible problems? Or

AD

Edited by A. Dias
provide tags (see edit history)
Link to comment
Share on other sites
eldermaster Newbie

eldermaster

Posted
Posted

I confirm also that it happens the same with our websites 1.7.6.1 versions up to version 1.7.7.0

This stupid message is only on desktop chrome

I think when you press SAVE, the redirect rules don't work as should be or the forms have indeed a problem of security.

Prestashop Team don't look at the forums?

 

on safari web, chrome mobile no issues

Anyone who can help on this matter will be highly appreciated .

maybe is possible a workaround somehow

we are blocked with our project because of this issue.

Best regards,

Link to comment
Share on other sites
eldermaster Newbie

eldermaster

Posted
Posted (edited)

Yeah, 

I got another certificate ... same problem.

Did over 10 different installations of PS 1.7 all have this issue that from my point of view is a Major one.

That message for a eCommerce consumer is poison.

Even you as merchant, you know that everything is ok, the new possible customer that will probably see this blank page with that message will GO OUT instantly out from your shop and of course you will loose sales.

Really no one who can help us with this issue? I bet that that all who have PS1.7 and this new version of Chrome, have this bug.

Please ?

 

Edited by eldermaster (see edit history)
Link to comment
Share on other sites
az-vm Newbie

az-vm

Posted
Posted
5 minutes ago, eldermaster said:

Yeah, 

I got another certificate ... same problem.

Did over 10 different installations of PS 1.7 all have this issue that from my point of view is a Major one.

That message for a eCommerce consumer is poison.

Even you as merchant, you know that everything is ok, the new possible customer that will probably see this blank page with that message will GO OUT instantly out from your shop and of course you will loose sales.

Really no one who can help us with this issue? I bet that that all who have PS1.7 and this new version of Chrome, have this bug.

Please ?

 

Agree in total! This is very bad, and we are on the time of christmas shooping... worst..

Link to comment
Share on other sites
eldermaster Newbie

eldermaster

Posted
Posted (edited)

Ok,

So after i got very frustrated with this bug I decided to solve it in my way, alone ..... 

So anyone who encounter this issue this is how I fixed it.

1. Go to /controllers/front

2. Open AuthController.php

3. Look for  

if ($hookResult && $register_form->submit()) {
                    $should_redirect = true;

is around line 60

4. Comment $should_redirect = true; like that  //$should_redirect = true;

5. Add after this line Tools::redirectLink(__PS_BASE_URI__);

To be more confident with the solution do the same with line 77 - even this is only for the login process when the client is already registered ... so is not really necessary :) to do this second change.

if (Tools::isSubmit('submitLogin')) {
                if ($login_form->submit()) {
                    //$should_redirect = true;
                    Tools::redirectLink(__PS_BASE_URI__);

Post here if is working for you,

PS: Possible drawback is that the customer will always be redirected to homepage, no matter the page where he is when he decide to create the account - but I don't care ... at least no more security error

The order process when the customer create his account is not affected by this change. He will be redirected as usual into confirmation page.

Good luck,

Edited by eldermaster (see edit history)
Link to comment
Share on other sites
az-vm Newbie

az-vm

Posted
Posted
1 hour ago, eldermaster said:

Ok,

So after i got very frustrated with this bug I decided to solve it in my way, alone ..... 

So anyone who encounter this issue this is how I fixed it.

1. Go to /controllers/front

2. Open AuthController.php

3. Look for  

if ($hookResult && $register_form->submit()) {
                    $should_redirect = true;

is around line 60

4. Comment $should_redirect = true; like that  //$should_redirect = true;

5. Add after this line Tools::redirectLink(__PS_BASE_URI__);

To be more confident with the solution do the same with line 77 - even this is only for the login process when the client is already registered ... so is not really necessary :) to do this second change.

if (Tools::isSubmit('submitLogin')) {
                if ($login_form->submit()) {
                    //$should_redirect = true;
                    Tools::redirectLink(__PS_BASE_URI__);

Post here if is working for you,

PS: Possible drawback is that the customer will always be redirected to homepage, no matter the page where he is when he decide to create the account - but I don't care ... at least no more security error

The order process when the customer create his account is not affected by this change. He will be redirected as usual into confirmation page.

Good luck,

Thank you @eldermaster for the share.

I will try it, and keep you posted.

 

Link to comment
Share on other sites
systemil Newbie

systemil

Posted
Posted

Hi

same issue here, I explain in this article how to fix that issue https://www.ludoc.fr/2020/12/14/les-informations-que-vous-etes-sur-le-point-de-soumettre-ne-sont-pas-securisees-prestashop-1-7/
the article is in French, but to summarize : 

edit file classes/Tools.php

replace line 196 

$use_ssl = !empty($url);

by 

$use_ssl = NULL;

 

(used at your own risk) 😉

Link to comment
Share on other sites
eldermaster Newbie

eldermaster

Posted
Posted
5 minutes ago, systemil said:

Hi

same issue here, I explain in this article how to fix that issue https://www.ludoc.fr/2020/12/14/les-informations-que-vous-etes-sur-le-point-de-soumettre-ne-sont-pas-securisees-prestashop-1-7/
the article is in French, but to summarize : 

edit file classes/Tools.php

replace line 196 


$use_ssl = !empty($url);

by 


$use_ssl = NULL;

 

(used at your own risk) 😉

Thank for the share. 

I am now very curious what is the effect of this general change. 
An official point of view will be great. 

Indeed my solution target strictly the /connection? create_account=1 submit but I do not know about a general change that is inside Tools.php regarding ssl

Will help to see here more feedback from other users who can offer a valid point of view. 

Thank you so much for the share

Link to comment
Share on other sites
systemil Newbie

systemil

Posted
Posted
5 minutes ago, eldermaster said:

Thank for the share. 

I am now very curious what is the effect of this general change. 
An official point of view will be great. 

Indeed my solution target strictly the /connection? create_account=1 submit but I do not know about a general change that is inside Tools.php regarding ssl

Will help to see here more feedback from other users who can offer a valid point of view. 

Thank you so much for the share

yes in fact the redirect function is a bit strange, by default it disable SSL for the homepage but I don't know why 

Link to comment
Share on other sites
eldermaster Newbie

eldermaster

Posted
Posted

I will stay for the moment with my solution that I know for sure it targets only the Auth and Creation of a user, and only on that specific zone. 
But I am happy to see that people starts to be constructive around this bug. 
Maybe soon we will have a final solution validated. 

Link to comment
Share on other sites
az-vm Newbie

az-vm

Posted
Posted
1 hour ago, eldermaster said:

Thank for the share. 

I am now very curious what is the effect of this general change. 
An official point of view will be great. 

Indeed my solution target strictly the /connection? create_account=1 submit but I do not know about a general change that is inside Tools.php regarding ssl

Will help to see here more feedback from other users who can offer a valid point of view. 

Thank you so much for the share

It woks for now. thank you for share it with us! :-)

Link to comment
Share on other sites
az-vm Newbie

az-vm

Posted
Posted
1 hour ago, az-vm said:

Thank you @eldermaster for the share.

I will try it, and keep you posted.

 

I have tested and it works on this way:

 

               if ($hookResult && $register_form->submit()) {
                 //  $should_redirect = true;
                   Tools::redirectLink(__PS_BASE_URI__);
                }
            }

 

In other way it will keep the page in registration form and will not change it. it gives ideia to customer that registration don´t work!

 

Thank you again @eldermaster  :-)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...