Security warning after payment « Gravity Support Forums

Gravity Support Forums » Plugin Support » Gravity Forms PayPal Add-On

lukef
Member

I'm new, so please be nice... :-)

I just set up my first site with Gravity forms, after paying and clicking the button to return to the site, Chrome dies, but if I try it in Firefox I get this warning
http://dl.dropbox.com/u/26727846/security.png

Obviously I don't want to scare the visitors, is that because I dont have an SSL cert? I was under the impression that Paypal took care of security as they are receiving the payment? what exactly is unsecure? the form info?

If I do need SSL, Will adding it now break anything?

Thanks

Posted 12 years ago on Tuesday March 6, 2012 | Permalink
Dana Cobb
Administrator

Hi, lukef,

You are seeing the security message because once you click to return to the site, the connection is no longer secure. You are being sent back to the form to show the confirmation message, page, or redirect url. To prevent this, you can have your form setup securely on SSL, so that when the redirect from PayPal back to your site occurs, the session is secure on both ends. Making the form secure now won't break anything.

Posted 12 years ago on Wednesday March 14, 2012 | Permalink
bhays
Member

I'm getting the same warning, but I do have a SSL certificate installed. Torm is submitted via HTTPS but is trying to return to HTTP, is there a way to force the return address from PayPal to be HTTPS?

Posted 12 years ago on Friday March 30, 2012 | Permalink
bhays
Member

Apparently, the HTTPS is checked via the $_SERVER global on line 2595. This should work fine in most circumstances, but thanks to Network Solutions and their proxy SSL it does not. I had to hard code the https in for now.

And on that note, stay away from Network Solutions at all costs.

Posted 12 years ago on Friday March 30, 2012 | Permalink
Trevor
Member

So, essentially then if you want to use Gravity form PayPal plugin you need a security certificate? Well it's not essential I guess, but I think that this security warning would make for very unhappy and unsure customers, so really it is needed.

Is there any alternative solution? I'm wondering because the big benefit of using PayPal is not having to worry about this and clients being able to save on the SSL certificate cost.

Thanks a ton!
Trevor

Posted 11 years ago on Monday April 30, 2012 | Permalink
David Peralty

If you don't redirect back to your form then this issue is moot and you don't need a SSL. If is only because you are sending data back from a secure site to a non-secure one that this error should appear.

Posted 11 years ago on Tuesday May 1, 2012 | Permalink
Trevor
Member

Thanks for getting back to me so fast. My concern is that if you stop people from redirect back to your site, don't you lose the ability to present a follow-up / thank you message after someone makes a purchase--which is pretty much essential ?

Also, how would I stop PayPal from re-directing back to website if I do want to go this route? I don't have "Auto Return" on PayPal, but I don't think you can remove the link back to your website, so I'm not sure how to stop people from clicking back through and getting the warning?

Thanks again!

Posted 11 years ago on Tuesday May 1, 2012 | Permalink
David Peralty

Unfortunately, I'm no expert in Paypal, but I have paid for a number of things with my Paypal account, and not all of them have redirected me back afterwards. I can say that you are correct in everything else, but it looks like if you want to pass any details back to your site, you'll need an SSL to get rid of that warning.

I'm not sure how to do it, but if you could create a thank you page without any kind of details from the transaction in it, you probably won't get that warning, but you would be best to talk to Paypal directly about that.

Posted 11 years ago on Tuesday May 1, 2012 | Permalink
Trevor
Member

Just wondering if anyone else has any ideas on this security warning?

I'm surprised this isn't a bigger concern from Gravity Form users...I thought for a lot of folks the whole idea of using PayPal is so you don't need an SSL certificate, but then isn't everyone without an SSL getting this security warning whenever someone finishes their transaction and clicks the return to website button on Paypal?

Thanks in advance!

Posted 11 years ago on Friday October 5, 2012 | Permalink
Chris Hajer
Key Master

I have never received this error message when returning to my site after completing a Gravity Forms/PayPal transaction. I don't have an SSL certificate. I wonder if it's a browser or OS thing? Which browser are you using and on what operating system?

Posted 11 years ago on Friday October 5, 2012 | Permalink
AFA-IT
Member

I was always getting that Security Warning, until I tried setting the "rm" parameter to "1", rather than "2", in paypal.php, as described towards the bottom of this post:

http://www.gravityhelp.com/forums/topic/this-page-is-unsecured

As I'd rather not have to edit the code, and lose the change when updating the plug-in, could a permanent fix implementing this be investigated?

Posted 11 years ago on Sunday October 14, 2012 | Permalink
Chris Hajer
Key Master

I've brought this issue and the other post you linked to to the attention of the developers. Thank you.

Posted 11 years ago on Sunday October 14, 2012 | Permalink
Alex Cancado
Administrator

The rm PayPal parameter is used to control how the page is sent back from PayPal to your site. With rm=1, PayPal will simply redirect the user to your site, and rm=2 will actually post the data back to the site. We have decided to use rm=2 as that could be useful for some users that need to display that information on their pages. I am not sure why the warning message is being displayed, but that is something specific to some configurations, and not to everybody. We will look for a way to allow the rm parameter to be changed via a hook and also try to find out why the return URL is not using HTTPS for some users.

Posted 11 years ago on Tuesday October 16, 2012 | Permalink

This topic has been resolved and has been closed to new replies.