[Building Sakai] more mixed content fun
Charles Severance
csev at umich.edu
Wed Aug 21 19:22:16 PDT 2013
Seems like this is a JIRA on syllabus.
It was a *lot* or work to make x-frame-options work in Web Content in a way that got folks happy and did not harm performance.
And then couple the recent FF ban on putting http content into https iframes - and it gets pretty complex to use an iframe.
I just finished teaching LTI about http content in https frames - and that was a piece of work.
It is almost to the point that we will need a "should I pop up this URL" service that is system-wide to avoid re-inventing the wheel and then debugging and performance tuning each of the invented workarounds.
/Chuck
On Aug 21, 2013, at 7:37 PM, John Bush <jbush at anisakai.com> wrote:
> The syllabus redirect option if you atttempt to load a http url from a
> https hosted sakai instance does nothing. If you then look at chrome
> console you will see:
>
> The page at about:blank displayed insecure content from http://www.google.com/.
> about:blank:1
> Refused to display 'https://www.google.com/' in a frame because it set
> 'X-Frame-Options' to 'SAMEORIGIN'.
>
> Is there a jira for this already ? I can't find one.
>
> Maybe related to https://jira.sakaiproject.org/browse/SAK-22418 ?
>
> The web content tool handles this nicely, it detects this sort of
> thing and then popups a new window, seems like we'd want to do
> something similar here.
> --
> John Bush
> 602-490-0470
>
> ** This message is neither private nor confidential in fact the US
> government is storing it in a warehouse located in Utah for future
> data mining use cases should they arise. **
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20130821/ab9e38b6/attachment.html
More information about the sakai-dev
mailing list