The Second Marketplace is broken for Internet Explorer Browser In the HTTPS mode

[Etienne Brando]

I am disappointed that the April 2011 release has broken the second life marketplace for Internet Explorer users. A customer has to constantly dismiss the security warning dialog box for every page in the marketplace that contains an advertisement image. As many of us know Internet Explorer is still the most popular browser in the world. This means that over 50 percent of visitors to the second life marketplace cannot now navigate the site without the constant nuisance effect of this dialog popup.

I opened a live chat with second life support and was told that they cannot address the issue. The live chat representative suggested that i adjust my browser security setting. Since this is not a fix for all users who are impacted, I was directed to open an JIRA bug report. After creating an issue (WEB-3795) in the second life JIRA for this problem, I want to post this thread such that marketplace team and other merchants can also be notified.

In my humble opinion and as an experienced web developer, I believe that this defect is an emergency for Linden Labs and also for all merchants who, like myself, sell items on the second life market place.

Imagine that more than 50% of all potential customers, who use Internet Explorer as their web browser, will now be turned away from the second life marketplace because they are constantly being presented with a security warning pop-up dialog window for every page that they visit.

I sincerely hope that this issue will be addressed in the near future.

[TatianaDokuchic Varriale]

Thanks for setting up the jira, Etienne.

This is also another illustration of the problem with Thursday deploys.  Best case scenario, the marketplace is now stuck with this for the weekend.

[Claireschen Hesten]

i use chrome exclusively it doesn't have all the annoying crap that internet explorer has but i have noticed there is an issue with the https usually it's 128bit encrypted according to chrome when you click the https there is some high risk unsecure stuff on the page that could be modified by an attacker hopefully it'll get fixed 

[Etienne Brando]

I am not so concerned about my own ability to navigate the second life marketplace web site. I am concerned about the ability of potential customers who need to navigate the site in order to purchase products. If they are presented with the nuisance effect of the security warning dialog then many will turn away.

As I suggested before, the impact is to approximately 50% of all users in the world

[Toysoldier Thor]

You can remove this annoying prompt by just going into your IE settings:

Under SECURITY SETTINGS - Internet Zone - Customize
Submit non-encrypted form data:
default is PROMPTED
switch to ENABLED

ADDED POINT:  As Ishtara pointed out later - it is likely the DISPLAY MIXED CONTENT setting that needs to be changed from Prompted to ENABLED.

This is an annoying IE default setting and it happens to many sites if you dont turn it to enabled.  Unfortunately if shoppers dont know this - they will still get hit with this.  so it would be best that LL fixes with a site that provides a consistent HTTPS stream (instead of switching to non-HTTPS for some parts of the visit).

[Etienne Brando]

As you said ToySoldier, it would be best if Linden Labs fixes this problem rather than expect thousands of visitors to change their internet explorer settings to compensate. I am still having a hard time understanding how Linden Labs quality control could allow an issue like this to be released.  

[Ishtara Rothschild]

---

Toysoldier Thor wrote:

You can remove this annoying prompt by just going into your IE settings:

Under

SECURITY SETTINGS - Internet Zone

- Customize

Submit non-encrypted form data

:

default is PROMPTED

switch to ENABLED

This is an annoying IE default setting and it happens to many sites if you dont turn it to enabled.  Unfortunately if shoppers dont know this - they will still get hit with this.  so it would be best that LL fixes with a site that provides a consistent HTTPS stream (instead of switching to non-HTTPS for some parts of the visit).

---

Are you sure that is the right setting? I think I got rid of this message by switching "Display Mixed Content" to Enabled.

I agree that it is a nuisance and can easily be avoided on LL's side. But I've run into the same problem on other sites, so it is a general Internet Explorer issue (and an issue of Avant Browser, Maxthon II, and all the other popular IE shells) as well.

[Etienne Brando]

Ishtara,

A page that mixes secure content with unsecure content is inherently unsecure. Just because a few other sites make the same mistake that Linden Labs has with the marketplace does not make it an Internet Explorer problem.

Linden Labs and other sites that make this mistake should make a correction by deciding which pages are secure and which pages do not need to secure. They should then implement the web standard such that secure pages have all secure content.  

[Toysoldier Thor]

---

Ishtara Rothschild wrote:

---

Toysoldier Thor wrote:

You can remove this annoying prompt by just going into your IE settings:

Under

SECURITY SETTINGS - Internet Zone

- Customize

Submit non-encrypted form data

:

default is PROMPTED

switch to ENABLED

This is an annoying IE default setting and it happens to many sites if you dont turn it to enabled.  Unfortunately if shoppers dont know this - they will still get hit with this.  so it would be best that LL fixes with a site that provides a consistent HTTPS stream (instead of switching to non-HTTPS for some parts of the visit).

---

Are you sure that is the right setting? I think I got rid of this message by switching "Display Mixed Content" to Enabled.

I agree that it is a nuisance and can easily be avoided on LL's side. But I've run into the same problem on other sites, so it is a general Internet Explorer issue (and an issue of Avant Browser, Maxthon II, and all the other popular IE shells) as well.

---

You might be right but I currently have the "DISPLAY MIXED CONTENT" set to PROMPTED and in the marketplace I am not getting those messages so I just assumed it was the other setting.

Your suggested setting is likely correct.

--||-

[Alaska Metropolitan]

"A page that mixes secure content with unsecure content is inherently unsecure. Just because a few other sites make the same mistake that Linden Labs has with the marketplace does not make it an Internet Explorer problem.

Linden Labs and other sites that make this mistake should make a correction by deciding which pages are secure and which pages do not need to secure. They should then implement the web standard such that secure pages have all secure content."

 

^ This. I've developed a few e-Commerce sites in my time, and this is a common issue you usually find when testing the site before launch. LL's solution, since they do have ads on pages that would need to be secure (like the checkout page) would likely be to https:// their ad server. Nothing's coming in from outside, it's just the ads, right?

I'm just baffled that this wasn't caught before deployment!

[Edfred Jungsten]

4 Days Later...Issue Still Unresolved...Site Still Giving Security Warning.

[Argus Collingwood]

 

---

Edfred Jungsten wrote:

4 Days Later...Issue Still Unresolved...Site Still Giving Security Warning.

---

Brooke covered this in the User Group Meeting today and said it was a Top Priority and should be fixed by the end of the week.

 

[TatianaDokuchic Varriale]

Though Geo Linden has marked the jira for this WEB-3795 as Fixed and Resolved it still doesn't work for me

I hope that they do get this fixed soon as I'm sure it is scaring a lot of people and frustrating the hell out of the others.  Whatever, it doesn't make for good business.

[Brooke Linden]

The JIRA was prematurely closed. We're still working with our ad server to get this resolved. Apologies for any confusion.

Brooke

[TatianaDokuchic Varriale]

Thanks, Brooke!!

[Phil Deakins]

---

Etienne Brando wrote:

I am still having a hard time understanding how Linden Labs quality control could allow an issue like this to be released.  

---

That's easy to understand. LL's quality control personel are devoid of quality.

[Edfred Jungsten]

9 days later...eh..we'll just get used to it I guess.

[Chlodhilde]

actually, here it is 2013 and i'm experiencing a similar problem with marketplace access. this only started happening recently, so something must have changed. the warning is as follows: *********** Information you exchange with this site cannot be viewed by others or changed by others. (checked OK) Security is from trusted source certifying authority. (checked OK) Security date is valid (ALERT ! ) NAME ON SECURITY CERTIFICATE IS INVALID OR DOES NOT MATCH THE NAME OF THE SITE. ********* i use internet explorer so maybe this is the problem.... but many people do. If the problem lies with something recently introduced by internet explorer, then i'm sure Marketplace will be hearing more complaints. If it's rooted in a new change in Marketplace, then i'd have thought they would have tested this out first.