• mic_check_one_two@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    5
    ·
    2 days ago

    Easier said than done, if your end users run Chrome. Because Chrome will automatically block your site if you’re on double secret probation.

    The phishing flag usually happens because you have the Username, Password, Log In, and SSO button all on the same screen. Google wants you to have the Username field, the Log In button, and any SSO stuff on one page. Then if you input a username and go to start a password login, Google expects the SSO to disappear and be replaced by the vanilla Log In button. If you simply have all of the fields and buttons on one page, Google flags it as a phishing attempt. Like I guess they expect you to try and steal users’ Google passwords if you have a password field on the same page as a “Sign in with Google” button.

    • Appoxo@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      6
      ·
      2 days ago

      Firefox ingests Google SafeBrowsing lists.
      If you are falsely flagged as phishing (like I was), then you are fucked regardless of what you use (except you use curl).

      I couldnt even bypass the safebrowse warning on my Android phone in Firefox.