Search

OUR API

API Developer Guides API Reference Sample Code [on GitHub]
SDKs [on GitHub] API Change Log System Change Log
Upgrade Guide

Hello World

Get Started Common Setup Questions How Payments Work
Testing Guide Go-Live Checklist

Support

Get Support News and Announcements Forums
Authorize.Net on GitHub Authorize.Net on Stack Overflow Developer Blog
Response (Error) Codes FAQs Knowledge Base

Sign In

Sandbox Affiliate

Search Developer Site

Integration and Testing

Authorize.Net API questions and help with your payment integration.

Reply
Highlighted
Member
johnbratteli
Posts: 3
Registered: ‎09-13-2013

Firefox Warning on Relay Response

‎09-13-2013 12:07 PM

I've seen similar threads here, but I didn't find anyone asking quite the same thing, so here we go:

 

I'm working on a WooCommerce plugin that adds Authorize.Net.  There are others that do so, but not in quite the same way.  Because of certain restrictions on the server, installing an SSL certificate is not feasible, so I'm using DPM to transmit customers' CC info.  I've set up a relay response page that accepts the POST from Authorize.Net and reposts it to the WooCommerce payment processing systm.  This is all working.

 

My issue is that on Firefox a user sees this warning when transitioning from the Authorize.Net transact.dll to my (unsecured) relay response page:

 

Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.

Are you sure you want to continue sending this information?

 

Clicking Continue leads the process to complete successfully, but the message is scary and not appropriate for a production website.  Does anyone have any suggestion to avoid this message?

 

Thanks in advance.

Message 1 of 5 (67,869 Views)
Reply
0 Kudos
Highlighted
TJPride
Posts: 1,609
Topics: 15
Kudos: 201
Solutions: 121
Registered: ‎06-23-2011

Re: Firefox Warning on Relay Response

‎09-13-2013 12:30 PM

I always thought Authorize.net called the relay response page itself (CURL) and put out the response, but if that is not in fact the case and Authorize.net is instead posting to the relay response, then you're kind of out of luck. My advice would be to set up a new hosting account somewhere that you can set up a dedicated IP and SSL (probably cost you $10/month for the hosting) and just use a subdomain of the primary domain for orders (ordering.mydomain.com or whatever). I often use this approach when the client's hosting is too inflexible and I don't want to have to work around its limitations.

Message 2 of 5 (67,867 Views)
Reply
Highlighted
Member
johnbratteli
Posts: 3
Registered: ‎09-13-2013

Re: Firefox Warning on Relay Response

‎09-13-2013 12:37 PM

I'd been noodling around something like that, but it sure makes it hard to have a nice, encapsulated plugin.  Thanks for the suggestion.

Message 3 of 5 (67,865 Views)
Reply
0 Kudos
Highlighted
Member
johnbratteli
Posts: 3
Registered: ‎09-13-2013

Re: Firefox Warning on Relay Response

‎09-13-2013 01:49 PM

Turns out you're right - Authorize.Net does pull in the relay response page.  I guess that means I need to get the data from that page to my server without POSTing.  Maybe I can stick it in a cookie.  Anybody have any other thoughts.

Message 4 of 5 (67,860 Views)
Reply
0 Kudos
Highlighted
TJPride
Posts: 1,609
Topics: 15
Kudos: 201
Solutions: 121
Registered: ‎06-23-2011

Re: Firefox Warning on Relay Response

‎09-14-2013 11:21 AM

If the relay response page is on the same hosting as your site, it's easy - just do some database updates from the relay response page. If not, then create a new remote database login on your site's database for the IP of the relay response page, and again update the database from the relay response - just remotely rather than localhost. It's really fairly simple.

Message 5 of 5 (67,846 Views)
Reply
0 Kudos