Closed Bug 903691 Opened 11 years ago Closed 9 years ago

Load demos (all or some) through HTTP rather than HTTPS

Categories

(developer.mozilla.org Graveyard :: Demo Studio / Dev Derby, enhancement)

Product:
developer.mozilla.org Graveyard
Component:
Demo Studio / Dev Derby
Platform:
All
Other
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: openjck, Unassigned)

Details

(Whiteboard: [specification][type:bug][triaged]) 

What did you do?
================
Load the following two demo landing pages, then hit "Launch Demo" on each.

* https://developer.mozilla.org/en-US/demos/detail/falling-in-circles
* https://developer.mozilla.org/en-US/demos/detail/running-image-triangulation-and-extrusion

What happened?
==============
Demos have errors because they were loaded over HTTPS.

What should have happened?
==========================
Demos should work correctly, as they do when loaded over HTTP.

Is there anything else we should know?
======================================
We have run into this issue a number of times before, but it has been especially problematic lately. Can we load demos over HTTP, or at least offer some way of doing this conditionally?

As it stands, Dev Derby users are seeing broken demos when not strictly necessary, and are missing out on some really incredible ones as a result.
Component: General → Demo Studio / Dev Derby
I don't see an issue with either of those demos - they load and run fine for me. Can you specify the browser & version under which you were seeing issues? (Mine is Firefox 22.0 on OS X)

As for serving up with HTTP, it looks like the CDN will do it:

    http://developer.cdn.mozilla.net/media/uploads/demos/r/o/rossmckegney/0e2e691e2d9617d5566e52eb1dfdd0b0/falling-in-circles_1371497189_demo_package/index.html

    http://developer.cdn.mozilla.net/media/uploads/demos/w/i/wizgrav/f232e401f674086f9aae99b474e27ed0/running-image-triang_1372626220_demo_package/index.html

But, MDN is HTTPS-only, so demos served up with http will not work with the iframe'd nav bar due to mixed content restrictions. 

Switching MDN itself over to HTTP-only or even HTTPS-optional is a larger discussion in bug 783685
(And also bug 671794, since bug 783685 got RESOLVED DUPLICATE)
And, since I can't reproduce issues with either of those demos - can you elaborate? Any errors in particular? What specifically failed, and what led you to believe HTTPS was the culprit?
I am using Firefox 23 / Linux. I bet this has something to do with the mixed-content changes Firefox 23 introduced.

The errors do not come from the browser, but rather the demo. I get warnings like "Did you forget to enable API access on the project?", etc. I know that HTTPS is the culprit (or at least, am very confident that HTTPS is the culprit) because the demos load fine when loaded over HTTP.
From one of the demo authors...

> It worked fine in Firefox 22.0 (Mac), but when I updated to 23.0 I see the same error you do.
I just upgraded to Firefox 23, and see an error on the "falling-in-circles" demo.

It looks like the problem is that the demo is attempting to fetch HTTP resources from assets.verold.com. So, yes, that's a mixed-content issue - but actually I think this failure is working-as-intended.

In general, demos uploaded to Demo Studio need to be self-contained. That is, they should only fetch resources relative to the contents of the .zip file that we unpack and host on our CDN. Otherwise, we can't guarantee that they'll work (whether served up from HTTP or HTTPS).

We've made some exceptions for demos that need an off-site web sockets server, but other than that they need to be standalone collections of resources.
For "running-image-triangulation-and-extrusion" on Firefox 23, I get this error on some but (not all) of the images, regardless of whether it's been served up from either HTTP or HTTPS:

  NS_ERROR_NOT_AVAILABLE: component is not available

I think HTTP vs HTTPS is a red herring in that demo's case
On that demo, notice that clicking the images (top of the viewport) has an effect over HTTP but not HTTPS.
(In reply to John Karahalis [:openjck] from comment #8)
> On that demo, notice that clicking the images (top of the viewport) has an
> effect over HTTP but not HTTPS.

Oh which demo - the "running-image..." demo? Whether served up via HTTP or HTTPS, what I notice is that I get errors either way.
(In reply to Les Orchard [:lorchard] from comment #9)
> (In reply to John Karahalis [:openjck] from comment #8)
> > On that demo, notice that clicking the images (top of the viewport) has an
> > effect over HTTP but not HTTPS.
> 
> Oh which demo - the "running-image..." demo? Whether served up via HTTP or
> HTTPS, what I notice is that I get errors either way.

For example, clicking the first image after loading the demo from HTTP (*not* SSL), I get the error:

http://dl.dropboxusercontent.com/u/2798055/Screenshots/nhqG.png
The Running Image demo, yeah. The error you mention may persist regardless of protocol, but when I reported this bug I was only able to use the demo over HTTP (where "use" means that by clicking Mario, a bigger Mario appears in the center of the screen) . But now, it seems I am occasionally able to use this demo over HTTPS, and occasionally /un/able to use it over HTTP. So it's working may be unrelated to HTTP/HTTPS.

But the Falling in Circles demo does still only work over HTTP.
(In reply to John Karahalis [:openjck] from comment #11)

> But the Falling in Circles demo does still only work over HTTP.

Yes, I know - see Comment #6
Severity: normal → enhancement
Whiteboard: [specification][type:bug] → [specification][type:bug][triaged]
Demo Studio is being removed from MDN and archived as of end January 2016
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
Product: developer.mozilla.org → developer.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.