
Issue 617417


Issue metadata

Status: WontFix
Owner: ----
Closed: Jun 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug




automatic credit card filling disabled (eway, payment in https iframe)

Reported by mi...@mikelward.com, Jun 4 2016

Issue description

UserAgent: Mozilla/5.0 (X11; CrOS x86_64 8172.47.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36
Platform: 8172.47.0 (Official Build) beta-channel tricky

Steps to reproduce the problem:
1. Go to http://www.sexparty.org.au/get-involved/donate
2. Click Donate
3. Type "4" in the credit card field to try to start auto fill

What is the expected behavior?
It shows a list of stored credit cards.

What went wrong?
It says "Automatic credit card filling is disabled because this form does not use a secure connection".

Did this work before? N/A 

Chrome version: 51.0.2704.79  Channel: beta
OS Version: 8172.47.0
Flash Version: Shockwave Flash 21.0 r0

It looks like the payment form is an iframe created dynamically when clicking the Donate button, and the iframe itself is served over https. The page that spawns the payment form is served over http, but presumably isn't involved in the actual payment processing.
 
When I try to attach the page source, I get a 500 error. I assume you can get that yourself anyway.

Comment 2 by f...@chromium.org, Jun 5 2016

Cc: f...@chromium.org
Components: UI>Browser>Autofill>Payments
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Status: WontFix (was: Unconfirmed)
Thank you for the report. This behavior is intentional; the top-level page also needs to be served over HTTPS. If there were a MITM attack, it wouldn't be enough for only the iframe to be served over HTTPS because the attacker could simply swap out the iframe for a different one that takes the customer's credit card information.
Components: -UI>Browser>Autofill>Payments UI>Browser>Payments
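
A small model of the rule described in Comment 2, added here as an illustration and not taken from Chrome's source or from the thread. It generalizes the two-frame layout in the report to any nesting depth; the function names and the example hosts are assumptions.

```javascript
// Added example: models the rule stated in the comment, not Chrome's own code.
// A frame chain lists URLs from the top-level page down to the frame holding the form.

// True only for a URL that parses and uses the https: scheme.
function isHttpsUrl(raw) {
  try {
    return new URL(raw).protocol === "https:";
  } catch (err) {
    return false; // unparsable input is treated as insecure
  }
}

// Names a frame's position in the chain for the report.
function roleAt(depth, length) {
  if (depth === 0) return "top-level page";
  return depth === length - 1 ? "form frame" : "intermediate frame";
}

// One non-HTTPS ancestor taints every descendant: whoever can rewrite that
// ancestor in transit decides which document ends up in the frame.
function evaluateFrameChain(chain) {
  if (!Array.isArray(chain) || chain.length === 0) {
    return { secure: false, weakestLink: null, reason: "empty frame chain" };
  }
  for (let depth = 0; depth < chain.length; depth++) {
    if (!isHttpsUrl(chain[depth])) {
      const role = roleAt(depth, chain.length);
      return {
        secure: false,
        weakestLink: chain[depth],
        reason: `${role} at depth ${depth} is not HTTPS`,
      };
    }
  }
  return { secure: true, weakestLink: null, reason: "every frame is HTTPS" };
}

// Constructed sample chains; the hosts are placeholders, not taken from the report.
const reportedLayout = ["http://shop.example/donate", "https://pay.example/form"];
const fixedLayout = ["https://shop.example/donate", "https://pay.example/form"];

for (const chain of [reportedLayout, fixedLayout]) {
  const verdict = evaluateFrameChain(chain);
  const label = verdict.secure ? "secure context" : "insecure context";
  console.log(chain.join(" > "), "=>", label, `(${verdict.reason})`);
}
```

From inside a real frame, `window.isSecureContext` gives the browser's own ancestor-aware answer to the same question.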
