Ebay sign in page does not have padlock-states only partially encrypted..IE has padlock. Why is ebay's sign in page not secure in Firefox? FF Version 14.0.1
When signing into ebay, the page starts to load with the green padlock, but when page is fully loaded there is no padlock. I can use Internet Explorer and so to the sign in page and it has the green padlock.
Why in Firefox is this sign in page not secure? Thanks
Edeziri
All Replies (15)
I'm getting the green lock at the moment.
When you have a problem with one particular site, a good "first thing to try" is clearing your Firefox cache and deleting your saved cookies for the site.
1. Bypass Firefox's Cache
Use Ctrl+Shift+r to reload the page fresh from the server. Any difference? If not...
2. Clear Firefox's Cache Completely
orange Firefox button or Tools menu > Options > Advanced
On the Network mini-tab > Cached Web Content : "Clear Now"
3. If needed, remove the site's cookies in this dialog
While viewing a page on the site, right-click and choose View Page Info > Security > "View Cookies"
Then try reloading the page. Does that help?
I see this request with a Moved Temporarily location response to an insecure http: link.
- https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&UsingSSL=1&pUserId=&co_partnerId=2&siteid=0&ru=http%3A%2F%2Fmy.ebay.com%2Fws%2FeBayISAPI.dll%3FMyEbayBeta%26MyEbay%3D%26gbh%3D1%26guest%3D1&pageType=3984
If the warning for mixed content is enabled that I'm notified.
https://srv.main.ebayrtm.com/rtm?RtmCmd&a=json&p=11751&ph=0&ev=0&uf=0&ord=1346238031178&e=USC:1&z=10&bw=820&bh=906&cg=1346238210555&enc=UTF-8&v=4&rnc=1&cb=vjo.dsf.assembly.VjClientAssembler._callback0&_vrdm=1346238210556 HTTP/1.1 302 Moved Temporarily Server: Apache-Coyote/1.1 Location: http://srv.main.ebayrtm.com/rtm?RtmCmd&a=json&p=11751&ph=0&ev=0&uf=0&ord=1346238031178&e=USC:1&z=10&bw=820&bh=906&cg=1346238210555&enc=UTF-8&v=4&rnc=1&cb=vjo.dsf.assembly.VjClientAssembler._callback0&_vrdm=1346238210556&r=yes
It only happens the first time visiting the link and I can make it reappear if I use Clear Recent History to clear these items (Last Hour): Cookies, Cache, Active Logins If I leave out any those then it doesn't happen.
Edeziri
I'm having the problem too. Only with Ebay. When I go to sign in, there is NO green padlock and when I right-click on the page, it says 'partially encrypted'. I cleared all the cookies in Mozilla by going to tools>options>advanced>network tab and chose 'clear now' under 'cached web content' and it didn't solve the problem. I'm now having to use IE to sign in securely on Ebay which I hate doing since IE is prone to freezing up and slowing my PC down. Any other solutions out there??
Screen shot:
That is still a problem with the eBay login page (http://my.ebay.com)
There is still a http redirect with this request.
HTTP/1.1 302 Moved Temporarily
Firefox shows in such a case a broken padlock to make that noticeable, but other browsers may not do that.
The Developer tools in Google Chrome show that http request in RED, but the location bar in GC shows an encrypted connection and you won't notice that files were retrieved via an insecure connection.
I either do not have an eBay account or I don't have a cookie for it. Maybe that's why I get a nice green lock on this page (redirected from my.ebay.com)? (I notice the word "guest" in there...)
I'm not getting redirected on either request made to srv.main.ebayrtm.com by that page.
Edit: Forget what I said. My normal profile doesn't redirect, but if I start Firefox in a new profile, it does. There are way too many customizations to be able to quickly track down the difference.
Edeziri
IE presents me the dialog to block the insecure content. Firefox does not currently have this feature, but might have it in the future, as noted in this thread: Can unencrypted items in a https connection be hidden?
Firefox 18 will have this.
It currently applies #identity-box[class="unknownIdentity mixedContent"] or #identity-box[class="unknownIdentity mixedActiveContent"], so that part is working, but the icon and UI (notification bar) hasn't been implemented yet.
- resource:///chrome/browser/skin/classic/browser/
(Bug 782654 - Implement Mixed Content Blocker UI)
This code in userChrome.css works in Firefox 15 and later.
@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"); /* only needed once */ #urlbar[pageproxystate="valid"] > #identity-box.unknownIdentity.mixedContent #page-proxy-favicon, #urlbar[pageproxystate="valid"] > #identity-box.unknownIdentity.mixedActiveContent #page-proxy-favicon { list-style-image: url("chrome://browser/skin/Security-broken.png")!important; -moz-image-region: auto!important; } #urlbar[pageproxystate="valid"] > #identity-box.unknownIdentity.mixedActiveContent { background-image: -moz-linear-gradient(hsl(1,90%,88%), hsl(3,80%,80%))!important; box-shadow: 0 1px 0 hsla(2,81%,16%,.05) inset!important; -moz-border-end-color: hsla(2,81%,16%,.2)!important; color: hsl(2,81%,16%)!important; }
The customization files userChrome.css (interface) and userContent.css (websites) are located in the chrome folder in the user profile folder.
Edeziri
So does anyone know if they're working on the problem?
You will have to contact eBay to get this fixed because it is their server configuration with the redirect to an insecure link in this case that is causing it.
Firefox exposes this issue as it does in a lot of other cases and that makes Firefox very well suited for testing purposes.
Other browsers do not expose this no openly or may be able to block or hide content from an http link, but that doesn't fix it.
A secure connection should never fetch content via an insecure link.
- Bug 782654 - Implement Mixed Content Blocker UI
I called Ebay and this is a FIrefox problem. Now as of today, when I go to sign in on PayPal, the same thing happens, the padlock symbol that was always there to indicate an encrypted connection is gone. I refreshed the page, cleared the cookies and the padlock does not appear anymore at the PayPal sign in page. Firefox needs to look into this.
For what it's worth, this is what has been done this far to try to fix the problem: All cookies in the cache were cleared. Scanned for malware, nothing found. Updated to the latest version of Firefox 16.0.1. Ran Firefox in safe mode and the same thing happened in safe mode, the sign in for Ebay and PayPal are not encrypted and there's no padlock showing in the address bar, just a globe icon.
I doubt it's any malware because if I go to Ebay using Firefox and click on 'register' (instead of 'sign in') as if I were registering there, I DO get the padlock and it shows RC4 128 bit encryption in Firefox. So it's only when signing in to Ebay or PayPal that there's no encryption or padlock. There has to be a bug somewhere.
This is really a problem with the eBay site and there is nothing that you can do about this apart from ignoring it.
Websites that are opened via a secure HTTPS link should never retrieve data via an insecure HTTP link.
You may be able to block such items in future Firefox versions and in other browser, but that only covers the problem.
I suspect the server at srv.main.ebayrtm.com has little role other than to serve advertising. Perhaps the best short term workaround is to block it.
I should also mention when I try signing in to other sites like Amazon, I DO get a secure encryption with Firefox and the padlock is present. This only seems to be happening with PayPal and Ebay. I only get the gray globe icon in the address bar, no padlock and I am using the latest version of Firefox 16.0.1.