Some members are having trouble adding food to their Food Diary from the website

Wednesday, July 12, 2017, 12:38pm PST

Hello,

Starting Thursday 7/6, we began receiving reports of some members having trouble adding food to their Food Diary via the website.  

This is manifesting in two ways:  

1.  Trying to add a food via the database is throwing a "site temporarily down for maintenance" error
2. Lists (Frequent/Recent/My Meals/Recipes) aren't populating when trying to add food from them.  When adding food from a list that is populating, it yields the error mentioned in #1.

We have been working with both members and our engineers on this, and in collecting information from our members, the majority of people affected are running the HTTPSEverywhere extension in their browser.  When turning off the HTTPSEverywhere extension for the MyFitnessPal website, users have been able to access their Food Diary again as expected.  

HTTPSEverywhere lists an update to their extension in the Chrome Web Store
 (Version: 2017.7.5, Date Updated: July 6, 2017), which explains why it worked prior to that date, but not after.  If you are running this extension, please disable it, and the MyFitnessPal website should function as normal.  Their FAQ asks that if their extension breaks a site that you use, to please contact them and report it, so they can try and fix it.  You can contact them here.

At the bottom of this post, there will be additional information regarding HTTP vs. HTTPS usage and MyFitnessPal, as well as links to HTTPSEverywhere FAQs that may be of use and provide additional information.  If these interest you, please continue reading to the bottom of this post.

If you are experiencing this issue, but do not have HTTPSEverywhere installed, please contact us via email here, so we can request additional details.


We will continue to update this article if more information becomes available.  Please check back for further updates.

Best,

MyFitnessPal Staff

-----------------------------------------------


The following links from HTTPSEverywhere's FAQs may be of further use and insight.

Please Note: the HTTPSEverywhere site has a fake "Blocked" alert that pops up initially.  If you click off of this "Blocked" pop up, it will move you along to the website, and explains the fake "Blocked" alert.  Do not be alarmed or think you cannot access the page due to that alert.


What if HTTPS Everywhere breaks some site that I use?
As mentioned above, their FAQ asks that if their extension breaks a site that you use, to please contact them and report it, so they can try and fix it.  You can contact them here.

How do I uninstall/remove HTTPS Everywhere?

What if the site doesn't support HTTPS, or only supports it for some activities, like entering credit card information?

Per this FAQ page, we are aware that using HTTPS for all site features is an increasingly common practice nowadays and protects users (and sites) against a variety of Internet attacks. In order to address this and share how http/https works on MyFitnessPal, please continue reading.

All login pages of the MyFitnessPal site are encrypted via https. This includes:
          http://www.myfitnesspal.com
          http://www.myfitnesspal.com/login
          http://www.myfitnesspal.com/logout

Although our home page at http://www.myfitnesspal.com may not indicate the presence of https in your browser's interface, the actual login "lightbox" or pop-over window on the home page does send your login credentials via https.

Once logged in, however, most data interactions on the site are not sent via https. This is a concession we have made to be able to offer our health and fitness tools for free. Our revenue model is mostly comprised of presenting advertising on the site. We work with a number of ad aggregation companies, and these partners serve their ads to us via http. As a result, we cannot serve most pages of the site via https without badly reducing the usability of the site. As but one example, many browsers and internet security programs are prompted to present warnings to users because of "mixed content" on pages of our site, when some content on a given page is sent via SSL and some is not.

Login credentials, password change requests, and other high-security actions (such as payments to upgrade to our Premium version) are processed with encryption. Other data, like diary content, is currently not encrypted. 

 
Last Updated: Jul 13, 2017 12:51PM PDT

Contact Us

Don't see the answer to your question?

Your fellow MyFitnessPal users and our Customer Happiness Team are always here to help.