SOLVED

Re: embed Forms2.0 sends always SSL ?

Go to solution
Anonymous
Not applicable

embed Forms2.0 sends always SSL ?

Hi all

In my understanding,when using standard embed code, forms SSL depends on the webpage.

for example, the embed code is

<script src="//app-xx99.marketo.com/js/forms2/js/forms2.min.js"></script>

<form id="mktoForm_1276"></form>

<script>MktoForms2.loadForm("//app-xx99.marketo.com", "999-XXX-999", 1276);</script>

- When the webpage URL is http://hoge.domain.com/myform.html , the form sends via http.

- When the webpage URL is https://hoge.domain.com/myform.html , the form sends via https.

- If I hope the form sends via https explicitly, I change //app-xx99.marketo.com to https://app-xx99.marketo.com.

Now I am confusing.

I have builded this test environment.

Forms_test_env.png

I checked internet access is rejected via http.

Screen Shot 2015-07-28 at 17.17.26.png

Intranet webpage is http and the form is embedded it.

If the form sends data via http, I expect an error.

But the form works fine and the lead is added Lead database correctly.

Screen Shot 2015-07-28 at 17.20.04.png

It seems Forms2.0 sends always SSL.

Is this true?

1 ACCEPTED SOLUTION

Accepted Solutions
SanfordWhiteman
Level 10 - Community Moderator

Re: embed Forms2.0 sends always SSL ?

It is mostly true.

Except when it isn't (say, on IE 8).

So this functionality isn't to be trusted.

View solution in original post

3 REPLIES 3
SanfordWhiteman
Level 10 - Community Moderator

Re: embed Forms2.0 sends always SSL ?

It is mostly true.

Except when it isn't (say, on IE 8).

So this functionality isn't to be trusted.

Anonymous
Not applicable

Re: embed Forms2.0 sends always SSL ?

Thank you Sanford Whiteman

I did some tests and I learned more.

It seems Crome chooses http or https according to its cache.

When the webpage is http:// and I clear cache, Chrome try to load Forms JS via http.

Chrome can not loads Forms JS in this environment.

Screen Shot 2015-07-30 at 10.56.34.png

I changed testing environment that http is enable and https is disable to connect internet.

When the webpage is http:// and I clear cache, Chrome try to load Forms JS via http.

Chrome shows Forms fine but can not submit data.

Screen Shot 2015-07-30 at 10.09.50.png

I understood Forms sends always ssl.

Thank you

SanfordWhiteman
Level 10 - Community Moderator

Re: embed Forms2.0 sends always SSL ?

There definitely are a lot of moving parts.  Like I said, the assumption that forms will post over SSL is only mostly true.  I think it's the developers' intent, but it's not documented (which is good, since we can't really complain when it doesn't happen!).

As far as caching, consider that HSTS is in use.  Even in an Incognito window + caching disabled + cache supposedly deleted, Chrome still uses cached HSTS responses. So it's very hard to get a clean test environment.

I appreciate your further research!