For me, this presented itself when doing Panels admin in an HTTPS session, when Panels was building a form for me in an AJAX request. As the code indicates, the setting for "switch back to http ..." being true is part of the relevant context.

In this code block (in securepages_form_alter() in securepages.module):

    if ($page_match && !$is_https) {
      $form['#https'] = TRUE;
    }
    elseif ($page_match === 0 && $is_https && variable_get('securepages_switch', FALSE)) {
      $url['https'] = FALSE;
      $url['absolute'] = TRUE;
      $form['#action'] = url($url['path'], $url); // <--- this is the line of interest
    }

the $url['path'] is already url-encoded (via url(), actually) from earlier in the form build process.

Workaround (thanks @grendzy): add */ajax/* to the list of ignored paths. However, it seems appropriate to explore a more substantial fix.

reproducing the issue

1. "Switch back to http pages when there are no matches" is ON
2. No particularly relevant paths in ignored paths setting
3. "Make secure only the listed pages."
4. "panels/*, admin/*" in secure paths
5. Go to /admin/structure/mini-panels/add, fill out and proceed.
6. Should now be on /admin/structure/mini-panels/add/context
7. Click "add required context", brings up form in modal, via ajax.

The form presented has a double-encoded action URL, and will fail when you attempt to submit it.

Comments

ctrahey’s picture

ctrahey commented
Issue summary: View changes

Add reproduction steps

astonvictor’s picture

astonvictor commented
Status: Active » Closed (outdated)

I'm closing it because the issue was created a long time ago without any further steps.

if you still need it then raise a new one.
thanks