[Building Sakai] more mixed content fun

Matthew Jones matthew at longsight.com
Wed Aug 21 18:52:30 PDT 2013


Right, part of the change to the web tool in 2.9.2 to a portlet included
detection for X-Frame-Options. This option in the remote server header
prohibits framing mixed content or not.

This was fixed in that tool by:
https://jira.sakaiproject.org/browse/SAK-21624

That detection was not used in any other tool that might possibly have web
links embedded in the iframe. There were a few indicated in the core
(Syllabus, Lessons) and a few contrib (Mneme and JForum). None of these
were worked on as part of this work.

I believe that having these tools actually be iframes within iframes rather
than portlets makes this problem harder to solve though.


On Wed, Aug 21, 2013 at 7:37 PM, John Bush <jbush at anisakai.com> wrote:

> The syllabus redirect option if you attempt to load a http url from a
> https hosted sakai instance does nothing. If you then look at chrome
> console you will see:
>
> The page at about:blank displayed insecure content from
> http://www.google.com/.
> about:blank:1
> Refused to display 'https://www.google.com/' in a frame because it set
> 'X-Frame-Options' to 'SAMEORIGIN'.
>
> Is there a jira for this already? I can't find one.
>
> Maybe related to https://jira.sakaiproject.org/browse/SAK-22418?
>
> The web content tool handles this nicely, it detects this sort of
> thing and then pops up a new window, seems like we'd want to do
> something similar here.
> --
> John Bush
> 602-490-0470
>
> ** This message is neither private nor confidential in fact the US
> government is storing it in a warehouse located in Utah for future
> data mining use cases should they arise. **
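The kind of check the thread describes (detect mixed content or a framing-restrictive `X-Frame-Options` header, then fall back to a new window) can be sketched as follows. This is an added example, not part of the thread and not Sakai code; `decideEmbedding`, its parameters and the `sakai.example.edu` URLs are hypothetical, and requiring every ancestor frame to match for `SAMEORIGIN` is a deliberately conservative assumption for the iframe-within-iframe case.

```javascript
// Added illustration; names are hypothetical, not taken from Sakai.
// ancestorUrls: URLs of every page that would contain the frame, outermost
// first (portal page, then the tool iframe, ...).
// targetHeaders: response headers already fetched from the target URL.
function decideEmbedding(ancestorUrls, targetUrl, targetHeaders) {
  const ancestors = ancestorUrls.map((u) => new URL(u));
  const target = new URL(targetUrl);

  // Mixed content: an http document inside an https page. Modern browsers
  // block framed mixed content, so the iframe would simply stay empty.
  if (target.protocol === 'http:' && ancestors.some((a) => a.protocol === 'https:')) {
    return { mode: 'new-window', reason: 'mixed-content' };
  }

  // Header names are case-insensitive; normalise before lookup.
  const headers = {};
  for (const [name, value] of Object.entries(targetHeaders || {})) {
    headers[name.toLowerCase()] = String(value);
  }
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();

  if (xfo === '') return { mode: 'iframe', reason: 'no-x-frame-options' };
  if (xfo === 'DENY') return { mode: 'new-window', reason: 'x-frame-options-deny' };
  if (xfo === 'SAMEORIGIN') {
    // Assumption: require all ancestors to share the target's origin, so a
    // nested tool iframe cannot pass where the outer portal page would fail.
    const allSame = ancestors.every((a) => a.origin === target.origin);
    return allSame
      ? { mode: 'iframe', reason: 'same-origin' }
      : { mode: 'new-window', reason: 'x-frame-options-sameorigin' };
  }
  // ALLOW-FROM, duplicated or unrecognised values: fail safe to a new window.
  return { mode: 'new-window', reason: 'x-frame-options-other' };
}

// Constructed sample mirroring the two console messages quoted in the thread.
const portal = ['https://sakai.example.edu/portal', 'https://sakai.example.edu/tool'];
console.log(decideEmbedding(portal, 'http://www.google.com/', {}));
console.log(decideEmbedding(portal, 'https://www.google.com/', { 'X-Frame-Options': 'SAMEORIGIN' }));
```
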