You need to sign in to do that
Don't have an account?
Victor Vasquez
Site login without SSL
Hi,
We have a login form in a visualforce page and it has an actionFunction that verifies if the credentials the user provides are correct, the problem is that if the page is loaded under http the server throws an error "No 'Access-Control-Allow-Origin' header is present on the requested resource", I'm guessing the error is due to the fact that the form has forceSSL set to true so it creates an https call from an http page, but if we remove the forceSSL parameter and we try to login the server throws "This form must be secure. Use the 'forceSSL' attribute and set it to 'true.'", so my question is how can we configure the site so it does not demand forceSSL set to true when trying to log in? Thanks.
We have a login form in a visualforce page and it has an actionFunction that verifies if the credentials the user provides are correct, the problem is that if the page is loaded under http the server throws an error "No 'Access-Control-Allow-Origin' header is present on the requested resource", I'm guessing the error is due to the fact that the form has forceSSL set to true so it creates an https call from an http page, but if we remove the forceSSL parameter and we try to login the server throws "This form must be secure. Use the 'forceSSL' attribute and set it to 'true.'", so my question is how can we configure the site so it does not demand forceSSL set to true when trying to log in? Thanks.
The best thing to do is have the page redirect to the https version. You could do this in JavaScript, like this:
Visualforce Page: