Posted to dev@shindig.apache.org by Mat Mannion <M....@warwick.ac.uk> on 2010/06/10 12:29:50 UTC

External libraries in JS features - should they be served through the proxy, or output verbatim?

Hi all,

I've been trying to track down some issues we've been having with
mixed content warnings. Our gadget container serves content over
HTTPS, so when any content is loaded over HTTP, it will (depending on
your browser) either show a warning icon (Chrome, Firefox et al) or
display an extremely scary warning (IE) to users. IE8 is particularly
troublesome, as the dialog is worded in such a way that the user will
a lot of the time click "Yes", which hides all the content over HTTP.

I realise (unless I am mistaken) that there's not a lot we can do
about content that's inserted by Javascript in gadgets that don't use
gadgets.io.getProxyUrl(), but I'm trying to eliminate content that is
inserted by the container over HTTP.

Through this, I've noticed that features that reference external
libraries (e.g. the analytics and com.google.gadgets.analytics
features) don't fetch the library and include them verbatim, but
instead insert a document.write() with the <script> tag, which is
throwing up mixed content warnings if the source library is served
over HTTP. I'm not sure if this is intentional, or just unimplemented,
but perhaps someone could shed some light on this?

Thanks in advance,

Mat

-- 
Mat Mannion
Web Developer
e-lab, IT Services
University of Warwick
Coventry
CV4 7AL

Tel: 024 765 74433
Email: M.Mannion@warwick.ac.uk

Re: External libraries in JS features - should they be served through the proxy, or output verbatim?

Posted by Paul Lindner <pl...@linkedin.com>.
I committed the patch.  Just so everyone is aware -- at startup the scripts
marked inline=yes are fetched, this might cause issues for people running
behind a firewall that blocks outbound access.

On Thu, Jun 10, 2010 at 6:21 AM, Mat Mannion <M....@warwick.ac.uk> wrote:

> Ugh, never mind. This can safely be ignored - having looked at the
> code it is pretty obvious that all you have to do is add inline="true"
> to the <script> tag in the feature.xml file.
>
> I'll shortly be submitting a patch to add this flag for the analytics
> and com.google.analytics features.
>
> Mat
>

Re: External libraries in JS features - should they be served through the proxy, or output verbatim?

Posted by Mat Mannion <M....@warwick.ac.uk>.
Ugh, never mind. This can safely be ignored - having looked at the
code it is pretty obvious that all you have to do is add inline="true"
to the <script> tag in the feature.xml file.

I'll shortly be submitting a patch to add this flag for the analytics
and com.google.analytics features.

Mat




-- 
Mat Mannion
Web Developer
e-lab, IT Services
University of Warwick
Coventry
CV4 7AL

Tel: 024 765 74433
Email: M.Mannion@warwick.ac.uk
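
An audit for the condition discussed in this thread, as an added example that is not part of the original posts or of Shindig's own code: it lists <script> entries in a feature.xml whose src is an absolute http:// URL without inline="true", and separately marks the inline="true" ones that the server fetches at startup. The sample XML, the host names, the function names and the verdict labels are constructed for illustration; the element layout is assumed from the thread's description.

```python
import xml.etree.ElementTree as ET

# Constructed sample feature.xml (hypothetical feature name and hosts).
SAMPLE_FEATURE_XML = """\
<feature>
  <name>example-analytics</name>
  <gadget>
    <script src="http://stats.example.com/tracker.js"/>
    <script src="http://cdn.example.com/lib.js" inline="true"/>
    <script src="https://cdn.example.com/other.js"/>
    <script src="local.js"/>
  </gadget>
</feature>
"""


def audit_feature(xml_text):
    """Return (feature_name, findings); findings is a list of (src, verdict)."""
    root = ET.fromstring(xml_text)
    name = (root.findtext("name") or "<unnamed>").strip()
    findings = []
    for script in root.iter("script"):
        src = (script.get("src") or "").strip()
        lowered = src.lower()
        if not lowered.startswith(("http://", "https://")):
            continue  # inline body or a file shipped with the feature
        if (script.get("inline") or "").strip().lower() == "true":
            # Fetched by the server at startup: needs outbound access.
            verdict = "server-fetch"
        elif lowered.startswith("http://"):
            # Emitted as a <script> tag: warning on an HTTPS container.
            verdict = "mixed-content"
        else:
            verdict = "external-https"
        findings.append((src, verdict))
    return name, findings


def mixed_content_sources(xml_text):
    """Only the src values that would trigger a mixed content warning."""
    return [s for s, v in audit_feature(xml_text)[1] if v == "mixed-content"]


if __name__ == "__main__":
    feature, results = audit_feature(SAMPLE_FEATURE_XML)
    for src, verdict in results:
        print(f"{feature}: {verdict:15} {src}")
```
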