cancel
Showing results forย 
Search instead forย 
Did you mean:ย 

Firefox Warning on Relay Response

I've seen similar threads here, but I didn't find anyone asking quite the same thing, so here we go:

 

I'm working on a WooCommerce plugin that adds Authorize.Net.  There are others that do so, but not in quite the same way.  Because of certain restrictions on the server, installing an SSL certificate is not feasible, so I'm using DPM to transmit customers' CC info.  I've set up a relay response page that accepts the POST from Authorize.Net and reposts it to the WooCommerce payment processing systm.  This is all working.

 

My issue is that on Firefox a user sees this warning when transitioning from the Authorize.Net transact.dll to my (unsecured) relay response page:

 

Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.

Are you sure you want to continue sending this information?

 

Clicking Continue leads the process to complete successfully, but the message is scary and not appropriate for a production website.  Does anyone have any suggestion to avoid this message?

 

Thanks in advance.

johnbratteli
Member
4 REPLIES 4

I always thought Authorize.net called the relay response page itself (CURL) and put out the response, but if that is not in fact the case and Authorize.net is instead posting to the relay response, then you're kind of out of luck. My advice would be to set up a new hosting account somewhere that you can set up a dedicated IP and SSL (probably cost you $10/month for the hosting) and just use a subdomain of the primary domain for orders (ordering.mydomain.com or whatever). I often use this approach when the client's hosting is too inflexible and I don't want to have to work around its limitations.

TJPride
Expert

I'd been noodling around something like that, but it sure makes it hard to have a nice, encapsulated plugin.  Thanks for the suggestion.

Turns out you're right - Authorize.Net does pull in the relay response page.  I guess that means I need to get the data from that page to my server without POSTing.  Maybe I can stick it in a cookie.  Anybody have any other thoughts.

If the relay response page is on the same hosting as your site, it's easy - just do some database updates from the relay response page. If not, then create a new remote database login on your site's database for the IP of the relay response page, and again update the database from the relay response - just remotely rather than localhost. It's really fairly simple.