embed Forms2.0 sends always SSL ? | Community
Skip to main content
A
Anonymous
July 29, 2015
Solved

embed Forms2.0 sends always SSL ?

  • July 29, 2015
  • 1 reply
  • 1792 views

Hi all

In my understanding,when using standard embed code, forms SSL depends on the webpage.

for example, the embed code is

<script src="//app-xx99.marketo.com/js/forms2/js/forms2.min.js"></script>

<form id="mktoForm_1276"></form>

<script>MktoForms2.loadForm("//app-xx99.marketo.com", "999-XXX-999", 1276);</script>

- When the webpage URL is hoge.domain.com/myform.html , the form sends via http.

- When the webpage URL is hoge.domain.com/myform.html , the form sends via https.

- If I hope the form sends via https explicitly, I change //app-xx99.marketo.com to app-xx99.marketo.com.

Now I am confusing.

I have builded this test environment.

I checked internet access is rejected via http.

Intranet webpage is http and the form is embedded it.

If the form sends data via http, I expect an error.

But the form works fine and the lead is added Lead database correctly.

It seems Forms2.0 sends always SSL.

Is this true?

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by SanfordWhiteman

It is mostly true.

Except when it isn't (say, on IE 8).

So this functionality isn't to be trusted.

1 reply

SanfordWhiteman
SanfordWhitemanAccepted solution
Level 10
July 29, 2015

It is mostly true.

Except when it isn't (say, on IE 8).

So this functionality isn't to be trusted.

A
Anonymous
August 3, 2015

Thank you @Sanford Whiteman​

I did some tests and I learned more.

It seems Crome chooses http or https according to its cache.

When the webpage is and I clear cache, Chrome try to load Forms JS via http.

Chrome can not loads Forms JS in this environment.

I changed testing environment that http is enable and https is disable to connect internet.

When the webpage is and I clear cache, Chrome try to load Forms JS via http.

Chrome shows Forms fine but can not submit data.

I understood Forms sends always ssl.

Thank you

SanfordWhiteman
SanfordWhiteman
Level 10
August 3, 2015

There definitely are a lot of moving parts.  Like I said, the assumption that forms will post over SSL is only mostly true.  I think it's the developers' intent, but it's not documented (which is good, since we can't really complain when it doesn't happen!).

As far as caching, consider that HSTS is in use.  Even in an Incognito window + caching disabled + cache supposedly deleted, Chrome still uses cached HSTS responses. So it's very hard to get a clean test environment.

I appreciate your further research!

Terms & ConditionsAccessibility statement

Loading footer...