46 bytes, text/x-github-pull-request
|Details | Review | Splinter Review|
E.g. https://air.mozilla.org/rock-your-firefox/ Also http://videos.mozilla.org/serv/marketing/sfx_edutoolkit/AddOns_RYFF.ogv redirects to https://videos-real-origin.cdn.mozilla.net/uploads/marketing/sfx_edutoolkit/AddOns_RYFF.ogv So that needs to be added to the CSP.
Two things need to happen. 1) We need to change the URL on all those events to point to the HTTPS URL 2) We need to add videos-real-origin.cdn.mozilla.net to the CSP I'll take care of point 2.
Created attachment 8797672 [details] [review] Link to Github pull-request: https://github.com/mozilla/airmozilla/pull/759
In the above mentioned PR, I added 3 new domains to the white list for CSP: 1) videos.mozilla.org 2) videos.cdn.mozilla.net 3) videos-real-origin.cdn.mozilla.net Let's not do that. Let's just add 1. But which one? With one SQL Update statement I can correct ALL video template environments for all events (at the time of writing there are 121 events). So once we've decided which ones is best, I'll take care of it with SQL directly on prod. Which ever one we chose, it has to start with https:// * http://videos.mozilla.org/* doesn't work, so not applicable * https://videos.mozilla.org/* redirects to https://videos.cdn.mozilla.net/* * https://videos.cdn.mozilla.net/* redirects to https://videos-real-origin.cdn.mozilla.net/* So it sounds like a slam dunk, but it just smells strange that a nice sounding domain like videos.cdn.mozilla.net *redirects* to a domain called videos-real-origin.cdn.mozilla.net. Normally you have your CDN domains proxy to a domain with the word "origin". Until we fix this all 121 old videos are broken. Who knows about these CDNs? Shyam, do you at least know who to ping?
Let's just migrate them all instead. See https://bugzilla.mozilla.org/show_bug.cgi?id=1307854
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.