Forum Moderators: phranque
I have been reading and learning from a lot of posts on here for the past few days and trying various bits of code trying to achieve something which I am starting to wonder if I am even looking in the right place or maybe just i have the terminology wrong.
In the past hour I have read this post [webmasterworld.com...]
which I quite understand the frustration and the intent.
I also have read this posts [webmasterworld.com...] which hints that maybe I am looking in the wrong place.
I am just starting to use a Shared SSL certificate provided by my webhosting provider and the HTTPS URL is quite different to my domain name and I would like it to appear to my vistors that they are still somewhere in my domain.
I have [mydomain.com.au...] and when visitors select Checkout they get to see [server.webhost.com.au...]
I would like them to see something like [mydomain.com.au...]
I am not looking for the code to solve my problem, (well not yet anyways) and I am happy to keep reading and learning but can someone please tell me if I am trying to do something that is possible, or perhaps impossible, and and the right terminology(internal external, mask,redirect)for my searching.
Thanks,
Terry
Welcome to WebmasterWorld!
I have a friend who actually asked me to help them out with this recently, because they are framing the secure page to keep their logo at the top while allowing visitors to completely the form from the secure server 'on their site', but was wanting to do what you are asking... Anything I could think of other than framing to serve the remote page lost the secure connection completely.
I think framing the secure page is probably the best way to 'co-brand' the process, but your URL will not show as secure. If someone else knows of a way to do this, I'd like to hear about it too, because I don't think it can be done 'seemlessly' since there is really no way to 'borrow' the security certificate and use it when visitors connect to your site.
* You lose the 'appearance' of security by framing since your URL is http (port 80) not https (port 443), but as long as the remote page is framed correctly, the connection to the form they are filling out should still remain secure. AFAIK.
The reason I say don't try to frame is that sites that do this today will cease to work as browser makers improve their security models. Why just today, we have this thread [webmasterworld.com], which makes clear that if you frame a page hosted outside your own domain, you are heading for disaster if the proper 'owner' of that page's domain injects the X-Frame-Options header (as they certainly should)...
Pay for a proper certificate or show the shared cert domain; those are really the only two safe choices.
Jim
Thank you for the replies they have saved me further reading to find out I can't really do what I want too.
I will have to go back to looking at alternative ISPs or SSL options.
Thanks again,
Terry
