Support forums » Products » Cute Live Support » Re: Security warning sent to Chat client when connecting to HTTPS Host

Security warning sent to Chat client when connecting to HTTPS Host

Last post 03-05-2008, 4:14 PM by fexpress. 5 replies.
Sort Posts: Previous Next

  •  02-20-2008, 12:42 PM 37192

    Security warning sent to Chat client when connecting to HTTPS Host

    Reply Quote
      We are hosting Live support 4.1 on Windows 2003, IIS6 server and the client receives a security warning that they are accessing both secure and unsecure data when the chat client is pushed to them. 

    The client can select the icon fill out the chat request https://../../CuteChat/SupportCustomer.aspx wait for an operator to respond to their question.  When an operator answers the chat request the Chat window SupportClient.aspx is displayed with the security warning popup: The page contains both secure and non-secure items.  Do you want to display the non-secure items?   Seems to occur when it’s calling the PlaceName= variable.


    Can you help us find a solutions to eliminate the popup?
     
    Thank you;

  •  02-25-2008, 1:06 PM 37335 in reply to 37192

    Re: Security warning sent to Chat client when connecting to HTTPS Host

    Reply Quote
    fexpress:
      We are hosting Live support 4.1 on Windows 2003, IIS6 server and the client receives a security warning that they are accessing both secure and unsecure data when the chat client is pushed to them. 

    The client can select the icon fill out the chat request https://../../CuteChat/SupportCustomer.aspx wait for an operator to respond to their question.  When an operator answers the chat request the Chat window SupportClient.aspx is displayed with the security warning popup: The page contains both secure and non-secure items.  Do you want to display the non-secure items?   Seems to occur when it’s calling the PlaceName= variable.


    Can you help us find a solutions to eliminate the popup?
     
    Thank you;
     
    After a lot of testing I have notice this error only appears to be an issue with IE 6 and 7.

  •  03-04-2008, 12:45 PM 37553 in reply to 37192

    Re: Security warning sent to Chat client when connecting to HTTPS Host

    Reply Quote
    fexpress,
     
    If Site A contains site B information and is using https, the page will always show security warning.
     
     

    asp.net Chat http://cutesoft.net/ASP.NET+Chat/default.aspx
    Web Messenger: http://cutesoft.net/Web-Messenger/default.aspx
    asp.net wysiwyg editor: http://cutesoft.net/ASP.NET+WYSIWYG+Editor/default.aspx
    asp wysiwyg html editor: http://cutesoft.net/ASP
    asp.net Image Gallery: http://cutesoft.net/ASP.NET+Image+Gallery/default.aspx
    Live Support: http://cutesoft.net/live-support/default.aspx

  •  03-05-2008, 12:02 PM 37583 in reply to 37553

    Re: Security warning sent to Chat client when connecting to HTTPS Host

    Reply Quote
    Not sure I follow the logic of your reply but I will try.  The chat icon is selected from Site A a secure session window for SupportCustomer.aspx is sent to the client from site B witout a security warning; which state there is no code in the page that has an http refrence hense no security warning.  After the message is submitted within the secure session and the SupportClient.aspx is sent back, are you stating there are no refrences to http which are wrapped in the secure session and there is nothing you can do to resolve this issue? That is the popup of a security warning to the customer with IE.  We have several remote domain apps with simular funtion that are properly wrapped and do not get issued security warnings. 
     
    Adam I post these messages because I feel you have a good product and I also know these issue can be resolved; if I am just a burdon and you don't want to deal with them please let me know we can move on. 
     
    We will have to meet this requirement to retain our PCI DSS compliance if we can't we will need to pull the application.  Thank you.

  •  03-05-2008, 12:15 PM 37585 in reply to 37583

    Re: Security warning sent to Chat client when connecting to HTTPS Host

    Reply Quote
    Please don't get me wrong. I didn't feel any uncomfortable when answering your questions.
     
    If Site A contains site B information and is Site A using https, the page will always show security warning. 
     
     
    For this situation, you cannot install the livesupport in Site B and add the cross domain script to site A.
     
    You have two options:
     
    1. Install the live support in each site. Don't use the cross domain solution.
     
    2. If Site A is using https and Site B is not using https,  install the live support in Site A instead of Site B.
     
    Hope it helps.
     
     
     
     

    asp.net Chat http://cutesoft.net/ASP.NET+Chat/default.aspx
    Web Messenger: http://cutesoft.net/Web-Messenger/default.aspx
    asp.net wysiwyg editor: http://cutesoft.net/ASP.NET+WYSIWYG+Editor/default.aspx
    asp wysiwyg html editor: http://cutesoft.net/ASP
    asp.net Image Gallery: http://cutesoft.net/ASP.NET+Image+Gallery/default.aspx
    Live Support: http://cutesoft.net/live-support/default.aspx

  •  03-05-2008, 4:14 PM 37603 in reply to 37585

    Re: Security warning sent to Chat client when connecting to HTTPS Host

    Reply Quote
    Sorry Adam none of my programmers can agree with your asscessment of this issue; nor will any of your proposed soltuions work for securing the entire chat thread and communicaiton.  If that were the case any request from site A that received a input box from site B would receive a security waring; in which I have expalined we only receive it one time.  
    In either caase we could not isntall your application on site A "on our shopping cart" it will not meet the required PCI DSS compliance. And we would have to certify it; don't want to go through the expense.
     
    If I have my programmers look at it and they provide a soltion would you be willing to compenstate us?  We may be willing to trade for an applicaiton license.  Just a thougth I would really like to solve this for us!
     
    We did resolve the issue and it was rather a simple fix has mentioned before your were making calls in .js to external http server for audio play file to adobe.      
View as RSS news feed in XML