Edit: I realized that I posted this in the Humankind sub forum. Sorry I'm new here, so I will now post it in the Games2Gether Forum instead, as it's not  game bug per se.

When trying to link to my steam account I get a big red security warning and the site will not load. I can chose an option to go to the site despite the warning but when I chose that I get another warning to logad the site in isolated safe surf via Norton. After that i did not dare to continue and closed the browser. It's the same type of warning one gets on various pirate movie sites and such that can steal Your account info via malicious links and add tracking cookies and whatnot. It says it a well know dangerous site etc. it seems to be Norton Anti-Virus and Norton Safe-web that gives the warning. The warning appears in the browser window where the site would normally be. Maybe You need to contact both Google and Norton to get on their safe list or possibly alter Your scripts and where it's pointed (https only it should be) and make sure the site pass security warnings. Atm I'm stuck and can't link my steam account as a result.

Translated it says: Dangerous web-site blocked

You have tyried to visit 

https://steamcommunity.com/openid/logion?... etc...

This is a known harmful web-site. You should NOT visit this web adress.

Visit Norton to get more info about net fishing and internet security."

Then a link to chose to continue to the site anyway.

But as I said when doing that another warning shows up, so I dare not. I don't want anyone fishing and malciouilsy intercepting my steam account info.

your's sincereley !!!

Lord Funk

Eulogos wrote:

What does it say if you click "Visa fulstandig rapport"?

It directs me to Nortons default report site about net fishing and security. With a field where I could potentially fill in the whole URL to get more info, but I don't have the full URL copied, so could not do that. 

What I mean  there is not enough time to copy the URL and fill that in on the Norton site to get more info, as it so quicky redirects me to that warning page with it's own URL, not the URL of the dangerous site. So I can not get the "Full Report" as I can't fill in the correct URL.

raspberly wrote:

Hello Lord_Funk,

I've just moved your thread to the appropriate forum :)

It seems that Norton has blocked Steam Community website, unfortunately, there is not much we can do on our side. Do you have any issues going to Steam forums?

And as Eulogos mentioned, we are not getting your Steam password, that's why your are redirected to the Steam community url so that you can log there. The only thing we are getting is your Steam id (after the login on Steam) that we need to identify you and know which Amplitude game you own (we don't have access to the list of all your games, only Amplitude ones).

I have dug up more info as to why the link might get blocked. Google even gives a whole log of warnings, 7 warnings and 1 error, on Your site if hover the the link and chose inspect. 6 are same type warning, 1 is a different warning and 1 is straight up error. Here is what it says, each paragraph is a warning in itself. I supect it has to do with using unsecure http in the links and not https links. Some of them get auto corrected/replaced to https, but some have more severe warnings and even an error.
---

/amplitude-studios/humankind:1 Mixed Content: The page at 'https://www.games2gether.com/amplitude-studios/humankind' was loaded over HTTPS, but requested an insecure element 'http://steamcdn-a.akamaihd.net/steam/apps/256769898/movie480.webm?t=1576253185'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

/amplitude-studios/humankind:1 Mixed Content: The page at 'https://www.games2gether.com/amplitude-studios/humankind' was loaded over HTTPS, but requested an insecure element 'http://steamcdn-a.akamaihd.net/steam/apps/256759091/movie480.webm?t=1576253243'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

/amplitude-studios/humankind:1 Unchecked runtime.lastError: The message port closed before a response was received.

/amplitude-studios/humankind:1 Mixed Content: The page at 'https://www.games2gether.com/amplitude-studios/humankind' was loaded over HTTPS, but requested an insecure element 'http://steamcdn-a.akamaihd.net/steam/apps/256769898/movie480.webm?t=1576253185'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

/amplitude-studios/humankind:1 Mixed Content: The page at 'https://www.games2gether.com/amplitude-studios/humankind' was loaded over HTTPS, but requested an insecure element 'http://steamcdn-a.akamaihd.net/steam/apps/256759091/movie480.webm?t=1576253243'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

about:1 A cookie associated with a cross-site resource at http://doubleclick.net/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

---

Like one saying something about cookie and that has a red warning and probably will not be auto replaced with https. The red warning when inspecting in Chrome says:

---

Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure element '<URL>' This request was automatically upgraded to HTTPS, For more information see <URL>

Unchecked runtime.lastError: The messageport closed VM8985 humankind:1 before repsonse was received

A cookie associated with a cross-site resource at http://doubleclick.net/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

---

So it does seem the way it links from Your site is not considered secure by Chrome either and that is probably why Norton Safe-web also refuses it. I have even used the otion to still load the siote now despite warnings but it does not seem to be able to link it to Your site as it alwasy redirerct to that warning site first before I can chose to still load iot and that brekas the process of linking it.

I think You must change Your codes to the lastest standard https certificates, cookies and such to get rid of those warnings. That SameSite attribute setting seem to be wrong too. As long as it's the way it is set now it's considered unsafe and will be receiving warnings both by the latest Chrome browser build as well as blocked by Norton and probably other annti virus software and firewalls.

So it's not the Steam site per se that is blocked, but the way it is linked and points to it in Your code on Your site. If I understand all that technical stuff correctly. So it's not just a Norton Safe-web issue nor steam, but something that needs to be fixed on Your site. I hope all this info helps.

I have worked around it to link my steam account now. I had to use Microsoft Edge browers as it does not have as high security settings/sentitivity as Google Chrome with warnings. Edge lets more security issues slip through it's detection (which usually is not a good thing and I almost never use it, but in this case it was handy). However You probably still need to look into Your site with the errors and warnings I reported, as others will most likley run into issues as well and have no clue what to do about it, or even report it. Potentially just give up. I'm used to tinkering and fix issues or find ways around it as I build my own PC's as well as my sons PC and I'm into tech stuff in general.

Eulogos wrote:

I would like to note that the error Norton gave is an important one, although not one particularly relevant to linking ones steam account. Having even just a single HTTP element on an HTTPS site completely undermines the HTTPS security and allows for a malicious third party to intercept and inject anything they like into the website. This is mainly a risk if the user visits games2gether on a public network, such as free wifi at a coffee shop. The elements that are insecure are the trailers for the game which are being pulled from akamaihd.net, a hosting service which steam uses. They need to be called as HTTPS elements not HTTP.

This should be brought to the web administrators attention for two reasons. First, it creates a potential vulnerability when the user vists g2g. Second, Google severely punishes websites which have any HTTP elements on them by deprioritizing them in search results.

Sobert wrote:
Yep and it's fixed.

Thank You both for Your replies as well as the fix and yes it now works without any issues. I had no issues to sync my account today with Google Chrome as well as Norton active. *thumbs up* 
Sorry for my late reply. I did read Your posts a while back was on my way out and no time to reply that day.