[Building Sakai] more mixed content fun
John Bush
jbush at anisakai.com
Thu Aug 22 10:32:16 PDT 2013
I logged a bug, https://jira.sakaiproject.org/browse/SAK-23877
I'm thinking in the syllabus case, just always opening a new window is
the best solution. Detecting the protocol mismatch or header seems
like overkill in this case to me.
On Wed, Aug 21, 2013 at 7:31 PM, Matthew Jones <matthew at longsight.com> wrote:
> The default share link for youtube is an iframe too. That really would be a
> piece of work if they didn't drop the protocol entirely and support both,
> since people can put iframes anywhere with CKEditor.
> src="//www.youtube.com . . .
>
> Really every website should just use this (or we should filter the protocol)
> and support both http and https, but many sites don't even have an https
> version.
>
>
> On Wed, Aug 21, 2013 at 10:22 PM, Charles Severance <csev at umich.edu> wrote:
>>
>> Seems like this is a JIRA on syllabus.
>>
>> It was a *lot* or work to make x-frame-options work in Web Content in a
>> way that got folks happy and did not harm performance.
>>
>> And then couple the recent FF ban on putting http content into https
>> iframes - and it gets pretty complex to use an iframe.
>>
>> I just finished teaching LTI about http content in https frames - and that
>> was a piece of work.
>>
>> It is almost to the point that we will need a "should I pop up this URL"
>> service that is system-wide to avoid re-inventing the wheel and then
>> debugging and performance tuning each of the invented workarounds.
>>
>> /Chuck
>>
>> On Aug 21, 2013, at 7:37 PM, John Bush <jbush at anisakai.com> wrote:
>>
>> The syllabus redirect option if you atttempt to load a http url from a
>> https hosted sakai instance does nothing. If you then look at chrome
>> console you will see:
>>
>> The page at about:blank displayed insecure content from
>> http://www.google.com/.
>> about:blank:1
>> Refused to display 'https://www.google.com/' in a frame because it set
>> 'X-Frame-Options' to 'SAMEORIGIN'.
>>
>> Is there a jira for this already ? I can't find one.
>>
>> Maybe related to https://jira.sakaiproject.org/browse/SAK-22418 ?
>>
>> The web content tool handles this nicely, it detects this sort of
>> thing and then popups a new window, seems like we'd want to do
>> something similar here.
>> --
>> John Bush
>> 602-490-0470
>>
>> ** This message is neither private nor confidential in fact the US
>> government is storing it in a warehouse located in Utah for future
>> data mining use cases should they arise. **
>>
>>
>>
>> _______________________________________________
>> sakai-dev mailing list
>> sakai-dev at collab.sakaiproject.org
>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>
>> TO UNSUBSCRIBE: send email to
>> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
>> "unsubscribe"
>
>
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org
> with a subject of "unsubscribe"
--
John Bush
602-490-0470
** This message is neither private nor confidential in fact the US
government is storing it in a warehouse located in Utah for future
data mining use cases should they arise. **
More information about the sakai-dev
mailing list