Closed Bug 861753 Opened 12 years ago Closed 12 years ago

vine.co links on Twitter and Facebook blocked (mixed content)

Categories

(Tech Evangelism Graveyard :: English US, defect)

Product:
Tech Evangelism Graveyard
Component:
English US
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: Dolske, Unassigned)

References

Details

I'm getting mixed content warnings (and broken content) from vine.co links on Twitter and Facebook. I've been running with the mixed content pref enabled (before it became default), but only just noticed this. Recent regression? EG https://twitter.com/frankyan/status/323664806118842368 Hmm: <iframe class="card2-player-iframe" src="https://vine.co/v/bFrhUFrirYi/card" width="375" height="375" frameborder="0"> </iframe> Yeah, even loading https://vine.co/v/bFrhUFrirYi/card directly does the same. Didn't we add logging for what triggered the mixed blocking? I'm not seeing anything in the web console or error console. :(
Does your installation support mp4? the flash fallback uses http://vjs.zencdn.net/c/video-js.swf VideoJS.options={ techOrder:["html5","flash"], html5:{}, flash:{ swf:"http://vjs.zencdn.net/c/video-js.swf" }, width:"auto", height:"auto", defaultVolume:0, components:{ posterImage:{}, textTrackDisplay:{}, loadingSpinner:{}, bigPlayButton:{}, controlBar:{} } }
Flags: needinfo?(dolske)
I'm on OS X, so no.
Flags: needinfo?(dolske)
Note that this is not a problem on Windows 7 as long as MP4 support is enabled. The Twitter embed and the direct link in comment 0 both work fine for me. (In reply to Cork from comment #1) > Does your installation support mp4? the flash fallback uses > http://vjs.zencdn.net/c/video-js.swf This is exactly what the feature is supposed to block. A MitM can modify the swf to p0wn the hosting page's origin. I also checked and both of these are identical: http://vjs.zencdn.net/c/video-js.swf https://vjs.zencdn.net/c/video-js.swf So, implementing bug 776278 will fix this. Also, more MP4 support on more platforms will fix this on those platforms (bug 799318).
Assignee: nobody → english-us
Component: Security → English US
Depends on: 776278
Product: Firefox → Tech Evangelism
Target Milestone: --- → Apr
Version: unspecified → Trunk
Should we try to contact twitter and facebook and ask them to update their links to the https version? Also, is this still a problem? Visiting https://twitter.com/frankyan/status/323664806118842368 on OS X / Firefox 24, I don't see any issues.
Ya, vine.co has fixed there javascript: u.Pb="https:"==document.location.protocol?"https://":"http://"; u.options={ techOrder:["html5","flash"], html5:{}, flash:{ swf:u.Pb+"vjs.zencdn.net/c/video-js.swf" }, width:"auto", height:"auto", defaultVolume:0, components:{ posterImage:{}, textTrackDisplay:{}, loadingSpinner:{}, bigPlayButton:{}, controlBar:{} } }
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
Product: Tech Evangelism → Tech Evangelism Graveyard
You need to log in before you can comment on or make changes to this bug.