#1270 new
Ben Hyde

Chrome dislikes fastspring's payment page.

Reported by Ben Hyde | September 24th, 2015 @ 03:24 PM

Chrome declines to auto fill on this page[1] as shown[2]. If you investigate its critique of the page you'll note that it points out that some content on the page is delivered in the clear. The concern in that scenario is that the bad actor will insert himself in the middle and modify that stuff to include JavaScript which in turn scrapes the credit card info. Wearing my security guy hat, I agree with this concern.

[1] https://sites.fastspring.com/freron/order/confirm

[2] https://www.evernote.com/l/AAKq_tJuv1lMHY2VGwg1iJdgjbWfnpkza-UB/ima...
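The condition the report describes, an HTTPS page pulling some subresources in the clear, can be checked from the page's HTML. The following is an added example, not part of the ticket or of FastSpring's or Chrome's code; the sample URL and markup are constructed, and the active/passive split is this sketch's simplified assumption about which loads can run script.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Loads that, if tampered with in transit, can run script in or restyle the page.
ACTIVE = {"script": "src", "iframe": "src", "link": "href",
          "object": "data", "embed": "src"}
# Loads that can be altered or observed in transit but cannot run script.
PASSIVE = {"img": "src", "audio": "src", "video": "src", "source": "src"}


class MixedContentAuditor(HTMLParser):
    """Collects subresources an HTTPS page would fetch over plain HTTP."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (severity, tag, absolute_url) in document order

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        # Only stylesheet <link>s are treated as subresource loads here.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        for severity, table in (("active", ACTIVE), ("passive", PASSIVE)):
            value = attrs.get(table.get(tag, ""))
            if value:
                # Resolve relative and protocol-relative URLs against the page.
                url = urljoin(self.page_url, value.strip())
                if urlparse(url).scheme == "http":
                    self.findings.append((severity, tag, url))


def audit(page_url, html):
    if urlparse(page_url).scheme != "https":
        return []  # mixed content only applies to pages served over HTTPS
    auditor = MixedContentAuditor(page_url)
    auditor.feed(html)
    return auditor.findings


# Constructed sample: a checkout page with a card field and mixed subresources.
SAMPLE_URL = "https://shop.example/order/confirm"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="http://cdn.example/style.css">
<script src="https://shop.example/app.js"></script>
<script src="http://cdn.example/tracker.js"></script>
</head><body>
<img src="http://img.example/logo.png"><img src="/static/card.png">
<script src="//cdn.example/lib.js"></script>
<form action="/pay"><input name="cardnumber" autocomplete="cc-number"></form>
</body></html>"""
```

Any `active` finding on a page that collects card data is the case the report is concerned about; `passive` findings still downgrade the page's security indicator.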

Comments and changes to this ticket

  • benny

    benny September 24th, 2015 @ 07:36 PM

    I'm not sure exactly what happens, but I've contacted Fastspring to see if they have anything to say about this.

    Thanks for the support!

  • benny

    benny September 25th, 2015 @ 12:59 PM

    How do you get this in Chrome? It doesn't seem to happen for me. Some extension?

  • Ben Hyde

    Ben Hyde September 27th, 2015 @ 06:07 PM

    I reproduced just now. Having selected the credit card payment option I entered a single digit into the credit card number box. I'm running an up-to-date Chrome, and I do have a credit card set up for autofill in Chrome. I seem to recall that setup is a matter of granting Chrome permission to remember a card after filling out a similar form. Much like the way it asks if you want to save a username/password pair. If you like I could record a short screen cast :)

  • benny

    benny September 28th, 2015 @ 07:19 AM

    I am now able to reproduce it and I've also informed the FastSpring people.

    I also googled a bit and a similar problem seems to have been a bug in Chrome. It appears though that this bug was fixed.

  • benny

    benny September 29th, 2015 @ 06:41 AM

    • State changed from “new” to “closed”

    As far as I (and FastSpring) can determine then this is an issue with Chrome. Let me know if you think otherwise. You can still comment on this ticket after I close it.

  • Ben Hyde

    Ben Hyde September 29th, 2015 @ 02:06 PM

    You'll be delighted to know that the issue has evaporated, so somebody changed something somewhere. Let the payments flow!

  • benny

    benny September 29th, 2015 @ 03:40 PM

    I'm glad it works for you, but I still see the warning myself (and I still think it's a Chrome issue).


Mac OS X email client.
