Hi,
We have a login form in a visualforce page and it has an actionFunction that verifies if the credentials the user provides are correct, the problem is that if the page is loaded under http the server throws an error "No 'Access-Control-Allow-Origin' header is present on the requested resource", I'm guessing the error is due to the fact that the form has forceSSL set to true so it creates an https call from an http page, but if we remove the forceSSL parameter and we try to login the server throws "This form must be secure. Use the 'forceSSL' attribute and set it to 'true.'", so my question is how can we configure the site so it does not demand forceSSL set to true when trying to log in? Thanks.