Cooliris "mixed active content" error with https

dspguy1

Joined: 2003-01-14
Posts: 45
Posted: Mon, 2014-03-17 10:58

I'm running into issues playing a slideshow with my gallery when I'm logged in using SSL. The slideshow works fine when I'm logged in via http.

Essentially, the page tries to grab javascript from cooliris.com and fails. Here's what firebug reports:

Blocked loading mixed active content "http://e.cooliris.com/slideshow/v/37732/embed.js"
...Reload the page to get source for: https://e.cooliris.com/slideshow/v/37732/go.js (line 1)
Blocked loading mixed active content "http://e.cooliris.com/slideshow/v/37732/swfobject.js"
...Reload the page to get source for: https://e.cooliris.com/slideshow/v/37732/go.js

Is there something I can do to allow this?

Thanks,
MT

Some info about install:
PHP Version 5.4.9-4ubuntu2.4
Apache Version Apache/2.2.22 (Ubuntu)
System Linux server 3.8.0-35-generic #50-Ubuntu SMP Tue Dec 3 01:25:33 UTC 2013 i686
PHP API 20100412
PHP Extension 20100525
Loaded Modules core mod_log_config mod_logio mod_version itk http_core mod_so mod_actions mod_alias mod_auth_basic mod_auth_digest mod_authn_file mod_authz_default mod_authz_groupfile mod_authz_host mod_authz_user mod_autoindex mod_cgi mod_dav mod_dav_fs mod_dir mod_env mod_headers mod_mime mod_negotiation mod_passenger mod_perl mod_php5 mod_proxy mod_proxy_ftp mod_proxy_http mod_proxy_connect mod_proxy_html mod_python mod_reqtimeout mod_rewrite mod_setenvif mod_ssl mod_status

 
cpc1

Joined: 2014-03-27
Posts: 3
Posted: Thu, 2014-03-27 07:04

If you mean a private and fully https session, I'm having the same problem for a private family album and I don't want to ask my users to change their browser mixed content settings

I don't think it's a problem with gallery3...looks like they fixed https urls a while ago http://sourceforge.net/apps/trac/gallery/changeset/20313

below is what is happening

The script that is embedded in the slideshow view page
<script src="https://e.cooliris.com/slideshow/v/37732/go.js" type="text/javascript"></script>

pulls in a self-executing anonymous function that adds other script tags using the DOM:

(function(){var l=window,d="undefined",h=null,p,n,a,g;l.cooliris=l.cooliris||{};p=l.cooliris;p.embed=p.embed||{};n=p.embed;n.modules=n.modules||{};a=n.modules;var j="http://e.cooliris.com/slideshow/v/37732/embed.js",f="http://e.cooliris.com/slideshow/v/37732/swfobject.js",k=0;function c(q){var m=document.getElementsByTagName("head")[0];var e=document.createElement("script");e.type="text/javascript";e.src=q;m.appendChild(e)}function o(e){k=0;if(!a.slideshow){c(j)}else{k++}if(typeof(swfobject)==d){c(f)}else{k++}g=e;b()}function i(e){k++;b()}function b(){if(k==2){cooliris.embed.createSlideshow(g)}}n.show=o;n.onJSLoaded=i})();


and then the below scripts are added / requested

[00:20:38.086] GET http://e.cooliris.com/slideshow/v/37732/embed.js [HTTP/1.1 200 OK 47ms]

[00:20:38.087] GET http://e.cooliris.com/slideshow/v/37732/swfobject.js [HTTP/1.1 200 OK 46ms]

[00:20:39.305] GET http://e.cooliris.com/slideshow/v/37732/cooliris.swf [HTTP/1.1 200 OK 200ms]

[00:20:39.479] GET http://fpdownload.adobe.com/pub/swz/crossdomain.xml [HTTP/1.1 200 OK 90ms]

[00:20:39.640] GET http://fpdownload.adobe.com/crossdomain.xml [HTTP/1.1 200 OK 40ms]

[00:20:40.533] GET http://www.google-analytics.com/__utm.gif?utmwv=4.3as&utmn=547077202&utmhn=xxxx.xxxxx.xxxx&utmcs=UTF-8&utmsr=1360x768&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=12.0%20r0&utmdt=Gallery&utmhid=1367144530&utmr=-&utmp=%2Fslideshow%2Fload&utmac=UA-11631282-2&utmcc=__utma%3D63669944.4057346986.1395893699.1395893699.1395894040.2%3B%2B__utmz%3D63669944.1395893699.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B [HTTP/1.1 200 OK 60ms]

and they are all http and not https, hence the mixed content blocking / warning  


Even if you embed these scripts in your code you might have to write a javascript using the dom to modify the src or protocol properties...

so i'm stuck for now if anyone has a workaround pls post
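
The request log in the post above, run through a small mixed-content audit. This is an added example, not code from the thread, Gallery or Cooliris; the page URL, the resource types assigned to each request and the function names are assumptions, and the active/passive split follows the usual browser distinction between scripts/plugins and images.

```javascript
// Added example, not code from the thread. Resource types are assumptions:
// the posted request log lists URLs only.
const ACTIVE = new Set(["script", "stylesheet", "iframe", "object", "xhr"]);
const PASSIVE = new Set(["image", "audio", "video"]);

// Classify one subresource request made by the page at pageUrl.
function classifyRequest(pageUrl, req) {
  const page = new URL(pageUrl);
  const res = new URL(req.url, page); // also resolves relative and //host URLs
  if (page.protocol !== "https:" || res.protocol !== "http:") {
    return { url: res.href, verdict: "ok" };
  }
  const upgraded = new URL(res.href);
  upgraded.protocol = "https:"; // candidate to test; the host must actually serve it
  let verdict = "mixed-unknown-type";
  if (ACTIVE.has(req.type)) verdict = "blocked-active";
  else if (PASSIVE.has(req.type)) verdict = "warn-passive";
  return { url: res.href, verdict, httpsCandidate: upgraded.href };
}

// Return only the requests that are mixed content, active ones first.
function auditPage(pageUrl, requests) {
  const rank = { "blocked-active": 0, "mixed-unknown-type": 1, "warn-passive": 2 };
  return requests
    .map((r) => classifyRequest(pageUrl, r))
    .filter((f) => f.verdict !== "ok")
    .sort((a, b) => rank[a.verdict] - rank[b.verdict]);
}

// Constructed sample: hypothetical page URL, request URLs taken from the log above.
const PAGE = "https://gallery.example/slideshow";
const SAMPLE = [
  { type: "script", url: "https://e.cooliris.com/slideshow/v/37732/go.js" },
  { type: "script", url: "http://e.cooliris.com/slideshow/v/37732/embed.js" },
  { type: "script", url: "http://e.cooliris.com/slideshow/v/37732/swfobject.js" },
  { type: "image", url: "http://www.google-analytics.com/__utm.gif" },
  { type: "object", url: "http://e.cooliris.com/slideshow/v/37732/cooliris.swf" },
  // Constructed: a protocol-relative URL inherits https from the page.
  { type: "script", url: "//e.cooliris.com/slideshow/v/37732/embed.js" },
];

for (const f of auditPage(PAGE, SAMPLE)) {
  console.log(f.verdict.padEnd(15), f.url, "->", f.httpsCandidate);
}
```

The same requests audited against an `http://` page URL all come back `ok`, which matches the slideshow working when the gallery is viewed over plain http.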

 
cpc1

Joined: 2014-03-27
Posts: 3
Posted: Thu, 2014-03-27 06:41

...or you can change your browser settings :

IE-x: Internet Options>Security>Custom Level>Miscellaneous> check Display Mixed Content

Firefox or Mozilla-based browser: navigate to about:config and search for mixed and select the settings to block and warn

I wouldn't recommend this to casual users though