| 1 person marked this as a favorite. |
When I click on Login, the page I get is no longer an https page, and Firefox (correctly) gives a warning about insecure login when I click in the Password field. This is something that used to work properly as recently as a bit over 1 day ago.
Temporary workaround: Manually edit the URL in the address bar to have "https://" in front of it -- then login works normally.
When I click on Login, the page I get is no longer an https page, and Firefox (correctly) gives a warning about insecure login when I click in the Password field. This is something that used to work properly as recently as a bit over 1 day ago.
Temporary workaround: Manually edit the URL in the address bar to have "https://" in front of it -- then login works normally.
Firefox also says that this is a monumentally *poor* idea. I've been trying to figure out some way to not have to log in every time I view the site.
I had Firefox set to memorize my Paizo login credentials a ways back. It looks like a recent Paizo.com site update undid/borked an automatic redirect from the old site to the secure login. So when I tried to login earlier with my saved creds in Firefox, I was also getting the insecure login warning.
So, as an experiment, I edited my saved Firefox bookmark to go to the secure main page (https://paizo.com) instead of the original one (http://paizo.com). Once the secure page loads, clicking the Sign in link proceeds to the secure login with no warnings.
Unfortunately, in an earlier experiment, I deleted my saved user login & password in Firefox. While I can login without warnings now, Firefox is now refusing to offer to remember my Paizo login, so I have to enter it manually every time. (I have Firefox set to delete all cookies when it closes.)
So try updating your browsers bookmark(s) for Paizo, but don't delete your login info saved in your browser.
Firefox also says that this is a monumentally *poor* idea. I've been trying to figure out some way to not have to log in every time I view the site.When I click on Login, the page I get is no longer an https page, and Firefox (correctly) gives a warning about insecure login when I click in the Password field. This is something that used to work properly as recently as a bit over 1 day ago.
Temporary workaround: Manually edit the URL in the address bar to have "https://" in front of it -- then login works normally.
Firefox doesn't tell me anything's wrong with that -- manually pushing it over to httos (supposedly secure) seems to satisfy Firefox. Of course, I can't swear that pushing a web site's login page over to https from http doesn't silently expose some other vulnerability . . . .
Edit: Just noticed that once I have logged in using the https page, the site seems to stay https.
Software Developer
|
| 3 people marked this as a favorite. |
This has been resolved. You should find yourselves properly forced to HTTPS on all pages, all the time.
We are aware that we still have "mixed" secure pages, wherein pictures or similarly unimportant assets are requested over HTTP, but the default on Paizo.com is now HTTPS all the time, and we're working on migrating the HTTP links accumulated from the last 15 years of content generation.
^Only tested once since your post, but so far seems to work.