Closed Bug 892810 Opened 11 years ago Closed 10 years ago

https://www.mturk.com/ does not work properly because of mixed content blocking

Categories

(Web Compatibility :: Site Reports, defect)

defect
Not set
major

Tracking

(Not tracked)

RESOLVED WORKSFORME

People

(Reporter: tanvi, Unassigned, NeedInfo)

Details

(Whiteboard: [mcb-chrome30+][mcb-ie][mcb-no-contact])

Mixed content blocking is a feature that prevents insecure elements on secure pages from loading. In Firefox 23, this feature will default to blocking "active" insecure content, which may break some web sites. 

More information on Firefox's Mixed Content Blocker is below: 
http://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/

The security feature is currently breaking the HTTPS version of some Mechanical Turk pages. Mechanical Turk seems to embed HTTP iframes in many of their HTTPS pages. Here is an example:
https://www.mturk.com/mturk/preview?groupId=2HGWQIHPCGJ2UXCY1JWXN0JPXYN71Q

Blocked loading mixed active content "http://184.72.249.63/render_hit_page_for_turk?assignmentId=ASSIGNMENT_ID_NOT_AVAILABLE&hitId=22DWJ5OPB0YVXUJ8KJ27KP9WKNC5X1" @ https://www.mturk.com/mturk/preview?groupId=2HGWQIHPCGJ2UXCY1JWXN0JPXYN71Q

<iframe height="800" scrolling="auto" frameborder="0" align="center" src="http://184.72.249.63/render_hit_page_for_turk?assignmentId=ASSIGNMENT_ID_NOT_AVAILABLE&amp;hitId=25LW5XH0JPPSZXV8CCCSV75M28FLFD" name="ExternalQuestionIFrame"></iframe>


This issue should also exist for your IE and Chrome 29+ users (although I have not confirmed on IE).

To fix this security issue, serve the embedded frame content over HTTPS and change the link in the HTML source of mturk.com to point to the https:// version of the content.

This was originally reported by a mturk user: https://input.mozilla.org/en-US/dashboard/response/3848240
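
An added example, not part of the original report or of any Mozilla code: a small Python audit that lists the subresources in an HTTPS page's markup that resolve to http:// and labels each as active (blocked by default, like the iframe in this report) or passive. The tag-to-category tables and the `static.example.test` sample lines are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed classification, limited to markup-initiated loads (XHR and fonts are
# out of scope). <link rel="stylesheet"> is handled separately as active.
ACTIVE = {"iframe": "src", "frame": "src", "script": "src", "object": "data", "embed": "src"}
PASSIVE = {"img": "src", "audio": "src", "video": "src"}

# Page URL and iframe are taken from the report; the other three tags are constructed.
SAMPLE_PAGE = "https://www.mturk.com/mturk/preview?groupId=2HGWQIHPCGJ2UXCY1JWXN0JPXYN71Q"
SAMPLE_HTML = """
<iframe height="800" src="http://184.72.249.63/render_hit_page_for_turk?assignmentId=ASSIGNMENT_ID_NOT_AVAILABLE&amp;hitId=25LW5XH0JPPSZXV8CCCSV75M28FLFD" name="ExternalQuestionIFrame"></iframe>
<script src="//static.example.test/app.js"></script>
<img src="http://static.example.test/logo.png">
<img src="/images/ok.png">
"""


class MixedContentScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split():
            self._check("active", tag, a.get("href"))
        elif tag in ACTIVE:
            self._check("active", tag, a.get(ACTIVE[tag]))
        elif tag in PASSIVE:
            self._check("passive", tag, a.get(PASSIVE[tag]))

    def _check(self, kind, tag, ref):
        if not ref:
            return
        # Resolve relative and protocol-relative references against the page
        # URL first; only a final http: scheme counts as mixed content.
        url = urljoin(self.page_url, ref.strip())
        if urlsplit(url).scheme == "http":
            self.findings.append((kind, tag, url))


def scan(page_url, html):
    """Return mixed-content findings; a page not served over HTTPS has none."""
    if urlsplit(page_url).scheme != "https":
        return []
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings
```

Calling `scan(SAMPLE_PAGE, SAMPLE_HTML)` reports the iframe as active and the `http://` image as passive; the protocol-relative script and the relative image inherit the page's HTTPS scheme and are not reported.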
Whiteboard: [mcb-chrome29+][mcb-ie?][mcb-no-contact] → [mcb-chrome29+][mcb-ie+][mcb-no-contact]
Whiteboard: [mcb-chrome29+][mcb-ie+][mcb-no-contact] → [mcb-chrome29+][mcb-ie][mcb-no-contact]
Appears to be fixed now. I used both affected URLs above. Closing.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Does anyone have a contact at Amazon?

I still see the issue on mturk pages.

Here are a couple:
https://www.mturk.com/mturk/preview?groupId=2PBXCNHMVHVKTTYQLPT7AJ7FKU113C
https://www.mturk.com/mturk/preview?groupId=294YY2AOO2GM55YJ0UHSKM6NAJ944V

You may have to click "View as HIT in this Group" for URLs that no longer take you to the mturk task (because the task has expired).

From what I understand, each task has an iframe embedded in it.  The iframe may be HTTPS or it may be HTTP.  The HTTP iframes are blocked.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Submitted feedback on mturk.com to point them to this bug.
Whiteboard: [mcb-chrome29+][mcb-ie][mcb-no-contact] → [mcb-chrome30+][mcb-ie][mcb-no-contact]
I'm still having this problem.
Component: English US → Desktop
Is anybody still seeing this issue? Works for me on the URLs given in the report and in comments.
Flags: needinfo?(honeydipp)
Also WFM.
Status: REOPENED → RESOLVED
Closed: 11 years ago → 10 years ago
Resolution: --- → WORKSFORME
Product: Tech Evangelism → Web Compatibility