Support forums - Security warning sent to Chat client when connecting to HTTPS Host

Support forums » Products » Cute Live Support » Re: Security warning sent to Chat client when connecting to HTTPS Host

Security warning sent to Chat client when connecting to HTTPS Host

Last post 03-05-2008, 4:14 PM by fexpress. 5 replies.


	Sort Posts: Previous Next

02-20-2008, 12:42 PM 37192

fexpress
Joined on 01-11-2008
Posts 15

Security warning sent to Chat client when connecting to HTTPS Host

Reply Quote

We are hosting Live support 4.1 on Windows 2003, IIS6 server and the client receives a security warning that they are accessing both secure and unsecure data when the chat client is pushed to them.

The client can select the icon fill out the chat request https://../../CuteChat/SupportCustomer.aspx wait for an operator to respond to their question. When an operator answers the chat request the Chat window SupportClient.aspx is displayed with the security warning popup: The page contains both secure and non-secure items. Do you want to display the non-secure items? Seems to occur when it’s calling the PlaceName= variable.

Can you help us find a solutions to eliminate the popup?

Thank you;

02-25-2008, 1:06 PM 37335 in reply to 37192

fexpress
Joined on 01-11-2008
Posts 15

Re: Security warning sent to Chat client when connecting to HTTPS Host

Reply Quote

fexpress:

We are hosting Live support 4.1 on Windows 2003, IIS6 server and the client receives a security warning that they are accessing both secure and unsecure data when the chat client is pushed to them.

The client can select the icon fill out the chat request https://../../CuteChat/SupportCustomer.aspx wait for an operator to respond to their question. When an operator answers the chat request the Chat window SupportClient.aspx is displayed with the security warning popup: The page contains both secure and non-secure items. Do you want to display the non-secure items? Seems to occur when it’s calling the PlaceName= variable.

Can you help us find a solutions to eliminate the popup?

Thank you;

After a lot of testing I have notice this error only appears to be an issue with IE 6 and 7.

03-04-2008, 12:45 PM 37553 in reply to 37192

Adam
Joined on 09-23-2003
Aurora, ON
Posts 18,678

Re: Security warning sent to Chat client when connecting to HTTPS Host

Reply Quote

fexpress,

If Site A contains site B information and is using https, the page will always show security warning.

asp.net Chat http://cutesoft.net/ASP.NET+Chat/default.aspx
Web Messenger: http://cutesoft.net/Web-Messenger/default.aspx
asp.net wysiwyg editor: http://cutesoft.net/ASP.NET+WYSIWYG+Editor/default.aspx
asp wysiwyg html editor: http://cutesoft.net/ASP
asp.net Image Gallery: http://cutesoft.net/ASP.NET+Image+Gallery/default.aspx
Live Support: http://cutesoft.net/live-support/default.aspx

03-05-2008, 12:02 PM 37583 in reply to 37553

fexpress
Joined on 01-11-2008
Posts 15

Re: Security warning sent to Chat client when connecting to HTTPS Host

Reply Quote

Not sure I follow the logic of your reply but I will try. The chat icon is selected from Site A a secure session window for SupportCustomer.aspx is sent to the client from site B witout a security warning; which state there is no code in the page that has an http refrence hense no security warning. After the message is submitted within the secure session and the SupportClient.aspx is sent back, are you stating there are no refrences to http which are wrapped in the secure session and there is nothing you can do to resolve this issue? That is the popup of a security warning to the customer with IE. We have several remote domain apps with simular funtion that are properly wrapped and do not get issued security warnings.

Adam I post these messages because I feel you have a good product and I also know these issue can be resolved; if I am just a burdon and you don't want to deal with them please let me know we can move on.

We will have to meet this requirement to retain our PCI DSS compliance if we can't we will need to pull the application. Thank you.

03-05-2008, 12:15 PM 37585 in reply to 37583

Adam
Joined on 09-23-2003
Aurora, ON
Posts 18,678

Re: Security warning sent to Chat client when connecting to HTTPS Host

Reply Quote

Please don't get me wrong. I didn't feel any uncomfortable when answering your questions.

If Site A contains site B information and is Site A using https, the page will always show security warning.

For this situation, you cannot install the livesupport in Site B and add the cross domain script to site A.

You have two options:

1. Install the live support in each site. Don't use the cross domain solution.

2. If Site A is using https and Site B is not using https, install the live support in Site A instead of Site B.

Hope it helps.

03-05-2008, 4:14 PM 37603 in reply to 37585

fexpress
Joined on 01-11-2008
Posts 15

Re: Security warning sent to Chat client when connecting to HTTPS Host

Reply Quote

Sorry Adam none of my programmers can agree with your asscessment of this issue; nor will any of your proposed soltuions work for securing the entire chat thread and communicaiton. If that were the case any request from site A that received a input box from site B would receive a security waring; in which I have expalined we only receive it one time.

In either caase we could not isntall your application on site A "on our shopping cart" it will not meet the required PCI DSS compliance. And we would have to certify it; don't want to go through the expense.

If I have my programmers look at it and they provide a soltion would you be willing to compenstate us? We may be willing to trade for an applicaiton license. Just a thougth I would really like to solve this for us!

We did resolve the issue and it was rather a simple fix has mentioned before your were making calls in .js to external http server for audio play file to adobe.