After a data plan has been purchased, we are seeing a message from the web browser stating:
The information you have entered on this page will be sent over an insecure connection and could be read by a third party. Are you sure you want to send this information?
We are concerned that customers that see this message will be confused by this message and reluctant to click on the Continue button. We are also concerned this will result in additional Support calls by customers looking for advice on how to proceed.
We are using a Mikrotik router for our Hotspot. We believe this message is being generated when the Powerlynx server provides a redirection link after payment has been accepted through the payment processor. This link is a redirection back to our Mikrotik router, possibly prefixing the redirection with ‘http://’. Unfortunately, we have no control or visibility of the redirection.
We believe this redirection should be handled in a secure manner.
How can this be fixed such that the redirection is secure and the message is not displayed?
We opened the console on Firefox and the last few lines of the Network Monitor tab log show the following:
14:46:17.082 Navigated to https://kin.powerlynx.app/redirect-flow/payment-status?gateway=stripe&data=<redacted>&payment_intent=<redacted>&payment_intent_client_secret=<redacted>&redirect_status=succeeded
14:46:18.028 Layout was forced before the page was fully loaded. If stylesheets are not yet loaded this may cause a flash of unstyled content. node.js:417:1
14:46:19.015 Navigated to https://kin.powerlynx.app/redirect-flow
14:46:20.443 This page is in Quirks Mode. Page layout may be impacted. For Standards Mode use “<!DOCTYPE html>â€. redirect-flow
14:46:24.395 Navigated to http://10.5.50.1/login
14:46:26.500 Navigated to https://kin.bc.ca/
We believe it is the URL provided by the Powerlynx server, http://10.5.50.1/login, that is causing the browser to display the warning message.
Would be possible for the Powerlynx server to provide this URL as https://10.5.50.1/login?
OR
Make this a configurable item? For example, we would redirect the customer to our website, https://kin.bc.ca/