3 Replies Latest reply on Aug 3, 2015 12:04 AM by Sanford Whiteman

    embed Forms2.0 sends always SSL ?

    Takehiro Monday

      Hi all

       

      In my understanding,when using standard embed code, forms SSL depends on the webpage.

      for example, the embed code is

      <script src="//app-xx99.marketo.com/js/forms2/js/forms2.min.js"></script>

      <form id="mktoForm_1276"></form>

      <script>MktoForms2.loadForm("//app-xx99.marketo.com", "999-XXX-999", 1276);</script>

      - When the webpage URL is http://hoge.domain.com/myform.html , the form sends via http.

      - When the webpage URL is https://hoge.domain.com/myform.html , the form sends via https.

      - If I hope the form sends via https explicitly, I change //app-xx99.marketo.com to https://app-xx99.marketo.com.

       

      Now I am confusing.

      I have builded this test environment.

      Forms_test_env.png

      I checked internet access is rejected via http.

      Screen Shot 2015-07-28 at 17.17.26.png

       

      Intranet webpage is http and the form is embedded it.

      If the form sends data via http, I expect an error.

      But the form works fine and the lead is added Lead database correctly.

      Screen Shot 2015-07-28 at 17.20.04.png

      It seems Forms2.0 sends always SSL.

      Is this true?

        • Re: embed Forms2.0 sends always SSL ?
          Sanford Whiteman

          It is mostly true.

           

          Except when it isn't (say, on IE 8).

           

          So this functionality isn't to be trusted.

            • Re: embed Forms2.0 sends always SSL ?
              Takehiro Monday

              Thank you Sanford Whiteman

               

              I did some tests and I learned more.

               

              It seems Crome chooses http or https according to its cache.

              When the webpage is http:// and I clear cache, Chrome try to load Forms JS via http.

              Chrome can not loads Forms JS in this environment.

              Screen Shot 2015-07-30 at 10.56.34.png

              I changed testing environment that http is enable and https is disable to connect internet.

              When the webpage is http:// and I clear cache, Chrome try to load Forms JS via http.

              Chrome shows Forms fine but can not submit data.

              Screen Shot 2015-07-30 at 10.09.50.png

              I understood Forms sends always ssl.

              Thank you

              1 of 1 people found this helpful
                • Re: embed Forms2.0 sends always SSL ?
                  Sanford Whiteman

                  There definitely are a lot of moving parts.  Like I said, the assumption that forms will post over SSL is only mostly true.  I think it's the developers' intent, but it's not documented (which is good, since we can't really complain when it doesn't happen!).

                   

                  As far as caching, consider that HSTS is in use.  Even in an Incognito window + caching disabled + cache supposedly deleted, Chrome still uses cached HSTS responses. So it's very hard to get a clean test environment.

                   

                  I appreciate your further research!

                  1 of 1 people found this helpful