Use https for vid.ly iframes and thumbnails.

VERIFIED FIXED in 1.2

Status

P2
normal
VERIFIED FIXED
7 years ago
7 years ago

People

(Reporter: mkelly, Assigned: jfong)

Tracking

unspecified
Dependency tree / graph

Details

(Whiteboard: [dev])

(Reporter)

Description

7 years ago
Since we're serving flicks over https, we need to make sure all content on the page is also served via https. Currently, our vid.ly iframe embed and thumbnail url are standard HTTP.

Switching the thumbnail url to https causes an untrusted certificate error; we should check with vid.ly via their support chat to see if they have a url with a valid certificate for thumbnails. I didn't test with the embed, but I suspect a similar issue there as well.
(Assignee)

Updated

7 years ago
Assignee: nobody → jfong
(Assignee)

Comment 1

7 years ago
I talked to vid.ly support and they currently do not support https. Fred and I talked about it and for now we will leave it as http and let that warning show up. But on a side note, I did update google fonts and gravatar to the https versions.
Fwiw, I am not sure if Firefox even still warns on mixed content, even if you have a pristine profile.

That said, I wish we could fix it, but using https with an invalid cert is worse, as it *will* pop up an error and equally lead to a "broken padlock"[1].

[1] yes, I know there's no padlock icon anymore.
Blocks: 720430

Updated

7 years ago
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 729973
Apologies, this wasn't a dupe. This bug covers the necessary code changes to switch to https when vidly has a proper cert in place.
Status: RESOLVED → REOPENED
Depends on: 729973
Resolution: DUPLICATE → ---
If we can get this done for initial launch, fantastic. Otherwise, we can push it in a subsequent release.
Priority: -- → P2
Target Milestone: --- → 1.1
Duplicate of this bug: 730950
Unblocking for launch since Vidly won't be able to resolve before the end of March. We'll deal with mix-content issues for the time being.
Blocks: 700465
No longer blocks: 720430
(Reporter)

Updated

7 years ago
Target Milestone: 1.1 → 1.2

Updated

7 years ago
Status: REOPENED → RESOLVED
Last Resolved: 7 years ago7 years ago
Resolution: --- → FIXED
Verified FIXED; all requests appear to be over HTTPS:

[18:11:46.902] GET https://firefoxflicks-dev.allizom.org/en-US/video/63 [HTTP/1.1 200 OK 328ms]
[18:11:47.428] GET https://vid.ly/embeded.html?link=6q3h9k&autoplay=false [HTTP/1.1 200 OK 398ms]
[18:11:47.609] GET https://firefoxflicks-dev.allizom.org/media/img/vote.png [HTTP/1.1 200 OK 29ms]
[18:11:48.019] GET https://d132d9vcg4o0oh.cloudfront.net/vid.ly/1.0.0.15/css/video-js.css [HTTP/1.0 200 OK 70ms]
[18:11:48.023] GET https://d132d9vcg4o0oh.cloudfront.net/vid.ly/1.0.0.15/js/swfobject.js [HTTP/1.0 200 OK 139ms]
[18:11:48.027] GET https://d132d9vcg4o0oh.cloudfront.net/vid.ly/1.0.0.15/js/embeded_video.js [HTTP/1.0 200 OK 197ms]
[18:11:48.032] GET https://d132d9vcg4o0oh.cloudfront.net/vid.ly/1.0.0.15/js/run.js [HTTP/1.0 200 OK 206ms]
[18:11:48.296] GET https://d132d9vcg4o0oh.cloudfront.net/m.vid.ly/1.0.0.26/js/html5.js?link=6q3h9k&autoplay=false&width=600&height=337 [HTTP/1.0 200 OK 15ms]
[18:11:48.488] GET http://cf.cdn.vid.ly/6q3h9k/poster.jpg [HTTP/1.0 200 OK 23ms]
[18:11:48.494] GET https://vid.ly/embeded.html?link=6q3h9k&autoplay=false [HTTP/1.1 304 Not Modified 75ms]
[18:11:51.768] GET https://vid.ly/6q3h9k?content=video&format=webm [HTTP/1.1 302 Found 2360ms]
[18:11:54.131] GET https://d3fenhwk93s16g.cloudfront.net/6q3h9k/webm.webm [HTTP/1.0 206 Partial Content 244ms]
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.