Insecure call

Good day @weblink

The only part that I can see coming from the plugin here that isn’t HTTPS is the “http://constantcontact.com/legal/privacy-statement” text in the disclaimer area. Everywhere else for our resources and output is showing HTTPS values. By default the form is going to post to the URL it’s on, in this case https://www.swim1day.com/, which is a secure version. We do allow for providing custom destinations after submission, but that will be up to the user to provide the appropriate protocol’d URL. I feel save in assuming that most people would be doing copy/paste for that value, thus the https should get picked up at that time.

At least at the moment, I’m not seeing anything stopping this from working fine, as is, once Chrome rolls that out. However, if I happen to be wrong, we’ll do everything we need to to correct that.

Thanks for the feedback and concerns.

Definitely worth keeping an eye on, and better to be actively cautious than not at all. Hope everything else with the plugin is going smoothly for you.