Victor Vasquez

Site login without SSL

We have a login form in a Visualforce page, and it has an actionFunction that verifies whether the credentials the user provides are correct. The problem is that if the page is loaded under http, the server throws an error: "No 'Access-Control-Allow-Origin' header is present on the requested resource". I'm guessing the error is due to the fact that the form has forceSSL set to true, so it creates an https call from an http page. But if we remove the forceSSL parameter and try to log in, the server throws "This form must be secure. Use the 'forceSSL' attribute and set it to 'true.'". So my question is: how can we configure the site so it does not demand forceSSL set to true when trying to log in? Thanks.
Pat Patterson
Don't submit user credentials over an unencrypted channel!

The best thing to do is have the page redirect to the https version. You could do this in JavaScript, like this:

Visualforce Page:
// Reload over HTTPS if the page was requested over plain HTTP.
if (location.protocol == 'http:') {
    location.href = location.href.replace(/^http:/, 'https:');
}
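
A fuller version of the redirect described in the answer above, as an added example that is not part of the original thread: it parses the URL instead of pattern-matching it, and it also refuses to submit a form unless both the page and the form target are on https. The function names and the browser wiring are assumptions.

```javascript
// Added example, not code from the thread. Function names are hypothetical.

// Return the https:// form of href, or null when the page is not on plain http.
function httpsEquivalent(href) {
  const url = new URL(href);
  if (url.protocol !== 'http:') return null;
  url.protocol = 'https:'; // host, port, path, query and fragment are preserved
  return url.href;
}

// True only when both the page and the resolved form target use https.
function canSubmitCredentials(pageHref, formAction) {
  const page = new URL(pageHref);
  // A missing or empty action posts back to the page itself.
  const action = new URL(formAction || pageHref, pageHref);
  return page.protocol === 'https:' && action.protocol === 'https:';
}

// Browser wiring; skipped when the file is loaded outside a browser.
if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  const target = httpsEquivalent(window.location.href);
  if (target) {
    window.location.replace(target); // replace() keeps the http URL out of history
  } else {
    document.addEventListener('submit', (event) => {
      const action = event.target.getAttribute('action');
      if (!canSubmitCredentials(window.location.href, action)) {
        event.preventDefault(); // do not send the password in clear text
      }
    }, true);
  }
}
```

A script redirect only runs after the page has already been fetched over http, so a server-side redirect to https is the stronger control where the site allows it.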