Google Sites HTTPS issue - https

I'm wondering if anyone can help with this.
I'm creating a site for a client using Google Sites (A requirement they set).
One of their requirement is for a contact form to be embedded on the site. I've had a look and there are plenty out there, however, if a user visits from any version of IE the content is not displayed due to the security settings.
All other browsers are functioning fine.
I know the alternative is to simply put a link to an external source, but is not ideal.
My question is threefold fold.
1. Is it possible to write a gadget that will work for IE with non-secure content (if so how)?
2. Are there any HTTPS contact forms out there that I could use?
3. Does anyone have any experience with Google sites and trying to load non-secure content and have any tips?
Thanks

Have you tried JotForm.com? They have the same (free and premium) plans as emailmeform.com. Plus, they have a specific roundabouts to embed your form in Google Sites (they have a gadget made for Google Sites). And yes, JotForm has https url for their forms if you wish to embed it as an iframe.
-- One other solution is resort to using Google Docs form.
Does anyone have any experience with Google sites and trying to load
non-secure content and have any tips? Still awaiting people with
experience....
-- Yes, I have experienced this while trying to put some social media scripts in my Google Sites website and the best thing really was to rid my Sites of those non-secure contents.

For any interested I have kind of answered my questions.
Is it possible to write a gadget that will work for IE with non-secure content (if so how)?
It is possible but you need to have a SSL hosted server.
Are there any HTTPS contact forms out there that I could use?
There are paid solutions for this. Alternatively, write your own html code to post to one of these solutions (free solution is http://www.emailmeform.com/)
Does anyone have any experience with Google sites and trying to load non-secure content and have any tips?
Still awaiting people with experience....

Related

How do browsers(Firefox more specifically) know which cookies are tracking cookies

I came accross to a situation where Firefox in incognito mode blocks some of the cookies on my site. More specifically google analytics cookies like _ga, _gid, ..etc. Searching in the internet I came across to this article. So browsers like Firefox somehow identify these cookies as tracking. But how? How does it know which cookies are tracking and which not? I need to know this because next time I set cookies on my server I dont want them to be blocked by browsers.
In context of the article it just means blocking reference links. For instance it blocks sending the referral information from, for instance Facebook, to other sites.
Other sites use the referral information to decide who to pay to get more traffic and stuff like that.
There's like 100 different versions of the idea of "tracking" though.
Like the article points out, your ISP always know every DNS search you do and every call to an IP so they always know ALLLL your traffic and are "tracking" it.
There's also "ad tracking" where all those google calls send out what the crawler says is on the page in order to create targeted ads and all that.
I think, based on what you wrote, you're just talking about tracking links which is just scrubbing the referral link part though.
You'd have to be more specific if that's not what you're looking at.

Google reCAPTCHA in China

My site is using Google reCAPTCHA control but I am hearing its being block in
China, Is there anyway around this I see there is some people reporting that changing the API to https://www.recaptcha.net works in China?
Anyone try this because I see it still going out to google?
string apiUrl = "https://www.recaptcha.net/recaptcha/api/siteverify?secret={0}&response={1}";
As google says in his assistance page, you should use this domain "www.recaptcha.net" instead "www.google.com" on the api call.
First, replace src="https://www.google.com/recaptcha/api.js" with
src="https://www.recaptcha.net/recaptcha/api.js"
After that, apply the same to everywhere else that uses "www.google.com/recaptcha/" on your site.
Obtained from: https://developers.google.com/recaptcha/docs/faq#can-i-use-recaptcha-globally
Edit: to clarify on some of the comments, while if you try it outside of china yes you do get references to gstatic.com but if you try this in china, any references to gstatic.com are replaced with gstatic.cn (don't forget to add it to your SCP). So this solution is still valid.
IMHO, google things are not stable in China as it can be blocked anytime.
From Baidu threads, it also mentioned that sometime google recaptcha works, sometime it doesn't.
https://www.v2ex.com/t/492752 (Chinese)
In programming world ,unstable function means useless or more code for dealing with exception.
If you really need to use google recaptcha,
you would better test properly using VPN (IP in China) first.
Here are some options you can consider,
You can use alternative captcha
Google will tell you various captcha.
Build your own captcha
Open Source Invisible reCAPTCHA alternatives
Use proxy web server(nginx) to send and receive data to or from google recaptcha
I have shared the solution to this problem by using cURL.
https://stackoverflow.com/a/63568516/11910869
cURL acts as a middle man between the client and the server. So even if google.com/recaptcha can not be accessed by the client because it is blocked by the service provider, cURL can act as the proxy to send the HTTP requests and get the response.

How to use Google safe browsing lookup API

I've just stumbled onto Google Safe Browsing lookup API and will admit this seems to be a bit above my head, but I still would like to learn how to use it.
I've read through the get-started documentation, but I am still confused on where to actually begin.
I've created an API key to access it, which gave me a link.
I've pasted that link into Google Chrome, and it downloaded a file, which I opened in Google Chrome on my Win 7 machine.
This is where I am stuck, where is the API?
How do I actually paste URL's into the API to see if they are malicious or not?
So, if you're still wondering about this 6 months later an API is a way of interacting with a site not through your browser. You don't need to worry about it if you're using Chrome or Firefox since the browser will do it for you.
However, you know how a website for a bar will have a small google maps box with the map of the area? The application (website) sent a get request to the Google Maps API. The simplest way you do this at home is with your terminal or command line. That's where you would type in the url you're trying to check.

Does a website link (href) validation service exist?

I am looking for a web service kind of like Google Analytics.
Paste some javascript into your web page and if any of the links there become invalid, hey presto, an email is sent to someone telling them which link, which page etc etc has the incorrect link.
Anyone heard of such a service?
This would slow the page loading down a lot if it had to check for broken links every time someone visited it (basically a http request for every link). Not that it isn't possible, but the implementation would have to be very very good.
Javascript cannot send emails, you would have to use ajax to post the details to another page that would then email the admin. As this is all client side, it is very open to abuse.
I would suggest using a program to do it every now and again. There are even Firefox extensions to do it rather than a program. Google will also list a whole host of websites offering the service.

Serving ads via HTTPS

I know there is no such thing as a dumb question but this is: Can you serve contextual based ads via adsense or others on a site that is entirely behind https?
Update:
We’ve updated the AdSense ad code so that it now supports secure ad serving through Secure Sockets Layer (SSL) on Hypertext Transfer Protocol Secure (HTTPS) web pages. This means that publishers with secure sites, i.e., sites that are served over the HTTPS protocol, can now use AdSense ad code to serve SSL-compliant ads. Examples of secure websites include many financial services sites, e-commerce sites, and social networking sites.
Google is aware of the issue but does not offer a properly configured HTTPS version of their code at this time. It'll work by swapping out http for https, but as mentioned above you'll get various errors in browsers.
AdSense now supports HTTPS. Just remove the "http:" portion of the ad code.
You can but visitors will receive a message that your site contains secure and none secure data in internet explorer. Most other browsers have a way to communicate this state aswell.
Yes, as long as the website is not protected by SSL certificates (in that the client accessing the website needs to have a certificate) Google is perfectly capable of indexing your site for keywords to cater the right ads for your website.
I am not sure if Google makes the adsense code available over SSL as well, if not your visitors will be warned by the browser that the page may contain insecure elements. I do know that their analytics code (For Google analytics) does contain an SSL possibility.
In case you have any more questions, Google's adsense support team/faq will be able to better provide answers to your questions, since you can let them know what site you are talking about!

Resources