All Marketo forms (still) blocked in Firefox even after trying "solutions"

Anonymous · ‎07-20-2016

EDIT: Looks like one actual solution here might be to get an SSL cert for our landing page domain (zozi.mktoweb.com CNAME'd as go.zozi.com) and use that URL in the loadForm call. Looks like that is possibly by contacting support: Add SSL to your Landing Pages - Marketo Docs - Product Docs I will update this part of this post if that is the solution we go with / if it solves the issue.

As some of you are aware, Firefox now gives the option to enable tracking protection at all times (even outside of Private mode). Many users (like my self) choose this option while installing the browser, meaning it is on all the time. This means any request to marketo.com will be blocked by Firefox if the user has chosen that option during installation or is in Private Browsing mode. This results in Marketo forms not being loaded at all.

Firefox uses the Disconnect standard block list, which can be seen here: https://disconnect.me/trackerprotection/blocked

I have read all the threads here on getting around FF tracking protection and am still at a dead end.

When you call MktoForms2.loadForm('//app-sj16.marketo.com', ... it makes a request to the Marketo servers. This is blocked by tracking protection. Some users on here suggest using a CNAME and pointing that loadForm call at the aliased domain, like MktoForms2.loadForm('//mkto.zozi.com'... That does work, but only for an http connection (you cant use https on the CNAME unless the certificate on the Marketo end is signed for your aliased domain). If you use https, all modern browsers will stop the request via the aliased domain because it is insecure.

So, another thread suggests using your landing page domain (zozi.mktoweb.com in our case). This lets the form load in Chrome but just makes your HTTPS symbol in your URL red (bad!)

Firefox still blocks it completely

Hard to believe Marketo doesn't provide SSL for *.mktoweb.com...

So, here I am left with two options. A) don't use HTTPS on my website, or B) don't use Marketo forms. Which will it be? I think that is obvious if this doesn't get resolved fairly quickly...

How many people are effected by this?

SanfordWhiteman · ‎07-21-2016

Upload the file /marketo-xdframe-relative.html (you can get it from the demo link) to your Marketo instance.

Then reference the path in setOptions:

MktoForms2.setOptions({
  formXDPath:"/rs/AAA-BBB-CCC/images/marketo-xdframe-relative.html"
});

And create a behavior + origin for that path.

(You could put the file on S3 or any other host, but to avoid more moving parts I would use Marketo.)

View solution in original post

Anonymous · ‎10-26-2016

Hi Sanford,

We are dealing with the same issue. Where in Marketo would you upload the marketo-xdframe-relative.html file? Also, could you elaborate on create a "behavior + origin for that path."

Any help is greatly appreciated.

SanfordWhiteman · ‎10-26-2016

You can upload it into your standard Marketo assets. Create a folder like "HTML" (although the folder doesn't actually affect the URL path).

When I say "create a behavior + origin" that's CloudFront-speak. You don't need to use CloudFront or another CDN for this if your pages are all regular http: or if your Marketo LP domain(s) have an SSL cert installed so they work over https:. You need a CDN if your pages are secure but your Marketo LP domain is not.

Anonymous · ‎10-26-2016

Hi Sanford,

Thank you for getting back to me so quickly. I'm using pretty much exactly the same code you put in your codepen.

I'm getting a "Subscriber 'OUR CODE' is not valid," error and the form are not loading. The forms work when we use regular Marketo loadform calls. Any thoughts?

Thank you again.

SanfordWhiteman · ‎10-26-2016

Please post the URL to your working and non-working pages.

Anonymous · ‎10-27-2016

Hi Sanford,

First off, thank you for this codepen. I have been looking for weeks for a solution to the Firefox private browsing issue. I uploaded the file to our instance, changed the loadform to our instance that is SSL encrypted and not on Marketo servers, and it is working like a charm. Thank you so much for doing this and being a part of the community. Will upload URL after we post live, but wanted to say thank you.

SanfordWhiteman · ‎10-27-2016

Great! This is a pesky problem, but it's good we can work around it without being too crazy (although I think most Marketo users would be scared off, so my hat's off to you for going through with it).

SanfordWhiteman · ‎07-21-2016

The solution was in my CodePen (the link I sent before works completely).

Anonymous · ‎07-21-2016

Geoffrey Krajeski Sanford Whiteman

Geoff_Krajeski1 · ‎07-21-2016

Marketo Support is able to install an SSL cert of yours for a few.

My team is currently in the middle of this!

Geoff_Krajeski1 · ‎07-21-2016

*fee

SanfordWhiteman · ‎07-21-2016

*fortune

SanfordWhiteman · ‎07-21-2016

There's another potential solution.Try using this endpoint:

//marketo-app-ab12.figureone.com

Let me know if that works. Demo with your form here: http://codepen.io/figureone/pen/fb317fa5ad966ca08b0de57b27b39015

Anonymous · ‎07-21-2016

This appears to work. What is figureone.com? Your own website? Is this a reliable endpoint that wont change? I dont feel comfortable pointing my production app at some third party proxy I have no control over.

SanfordWhiteman · ‎07-21-2016

It's an Amazon CloudFront distribution and certainly more reliable than the forms endpoint behind it.

It is, however, experimental. I'm not expecting you to switch over to it immediately -- I needed you to verify that it worked for your case. I'm weighing making this a published service. If it works for you, that means it's closer to being a general problem solver.

Anonymous · ‎07-21-2016

It does work for me. Good to know that works though. We use AWS / Cloudfront so I can just spin up a Cloudfront distribution on our own account as a short term solution. Thanks for this.

SanfordWhiteman · ‎07-21-2016

Skylar Brown

SanfordWhiteman · ‎07-21-2016

You should be running HTTPS on your LP domains. This has been true for awhile: without it, you lose referrer information.

(If Marketo ran SSL on *.mktoweb.com, that would be nice, but it wouldn't necessarily be a solution. mktoweb.com is a deeply Marketo-associated domain and thus can be expected to be blocked by anti-tracking plugins/features.)

Anonymous · ‎07-21-2016

Yes, that would be nice if they did. They don't probably because they charge thousands of dollars for SSL on landing pages as an upsell. Which is absolutely ridiculous considering one of their core products is fundamentally broken without it...