Details

      Description

      Since the eZ Publish 5.4.9.1 update, eZ Multi-Upload appears to be broken when the Administration Interface is loaded via HTTPS. When a multi-upload page such as https://example.com/ezdemo_site_admin/ezmultiupload/upload/122 is loaded, the browser JS console registers a number of errors:

      Mixed Content: The page at 'https://54ezdemo.com/ezdemo_site_admin/ezmultiupload/upload/122' was loaded over HTTPS, but requested an insecure stylesheet 'http://yui.yahooapis.com/combo?3.17.2/widget-base/assets/skins/sam/widget-base.css&3.17.2/cssbutton/cssbutton-min.css'. This request has been blocked; the content must be served over HTTPS.
       
      Mixed Content: The page at 'https://54ezdemo.com/ezdemo_site_admin/ezmultiupload/upload/122' was loaded over HTTPS, but requested an insecure script 'http://yui.yahooapis.com/combo?3.17.2/attribute-core/attribute-core-min.js&…nt-simulate/node-event-simulate-min.js&3.17.2/base-build/base-build-min.js'. This request has been blocked; the content must be served over HTTPS.
       
      Mixed Content: The page at 'https://54ezdemo.com/ezdemo_site_admin/ezmultiupload/upload/122' was loaded over HTTPS, but requested an insecure script 'http://yui.yahooapis.com/combo?3.17.2/file-html5/file-html5-min.js&3.17.2/u…-node-plugin/anim-node-plugin-min.js&3.17.2/anim-scroll/anim-scroll-min.js'. This request has been blocked; the content must be served over HTTPS.
       
      Mixed Content: The page at 'https://54ezdemo.com/ezdemo_site_admin/ezmultiupload/upload/122' was loaded over HTTPS, but requested an insecure stylesheet 'http://yui.yahooapis.com/combo?3.17.2/widget-base/assets/skins/sam/widget-base.css&3.17.2/cssbutton/cssbutton-min.css'. This request has been blocked; the content must be served over HTTPS.
       
      Mixed Content: The page at 'https://54ezdemo.com/ezdemo_site_admin/ezmultiupload/upload/122' was loaded over HTTPS, but requested an insecure script 'http://yui.yahooapis.com/combo?3.17.2/attribute-core/attribute-core-min.js&…nt-simulate/node-event-simulate-min.js&3.17.2/base-build/base-build-min.js'. This request has been blocked; the content must be served over HTTPS.
       
      Mixed Content: The page at 'https://54ezdemo.com/ezdemo_site_admin/ezmultiupload/upload/122' was loaded over HTTPS, but requested an insecure script 'http://yui.yahooapis.com/combo?3.17.2/file-html5/file-html5-min.js&3.17.2/u…-node-plugin/anim-node-plugin-min.js&3.17.2/anim-scroll/anim-scroll-min.js'. This request has been blocked; the content must be served over HTTPS.
      


          Activity

          Gunnstein Lye added a comment - - edited

          The 5.4.9.1 update changed our use of YUI from 2.x to 3.x, but both of them are using "http://" so both should fail if that was the cause. (See extension/ezjscore/settings/ezjscore.ini ExternalScripts setting.) Note also this information in the same file:
          # If it starts with :// http or https will be selected based on if page is served as https or not

          However, it may be that those who used Flash before were not affected by this issue in Multiupload (though it should still have occurred in any other use of eZ JS Core / YUI).

          Finally, it seems that Yahoo's HTTPS is failing, example: https://yui.yahooapis.com/3.18.1/build/yui/yui-min.js
          "Will be right back... Thank you for your patience. Our engineers are working quickly to resolve the issue."
          Actually, contrary to this, their FAQ says SSL is not supported. https://github.com/yui/yui3/wiki/FAQ#does-yahoos-cdn-support-ssl
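
          The scheme rule quoted from ezjscore.ini and the blocking shown in the console output can be checked against a list of configured URLs before deployment. The following is an added example, not eZ Publish code; the function names and the second and third sample URLs are constructed for illustration.

```javascript
// Added example (not eZ Publish code). Function names are hypothetical.

// Expand a configured URL as the quoted ezjscore.ini comment describes:
// a value starting with "://" takes the scheme of the page being served.
function expandConfiguredUrl(configured, pageIsHttps) {
  if (configured.startsWith('://')) {
    return (pageIsHttps ? 'https' : 'http') + configured;
  }
  return configured;
}

// Scripts and stylesheets are blockable mixed content: a page served over
// HTTPS may not load them over plain HTTP (loopback exceptions not modelled).
function auditExternalResources(pageUrl, configuredUrls) {
  const page = new URL(pageUrl);
  const pageIsHttps = page.protocol === 'https:';
  return configuredUrls.map((configured) => {
    const expanded = expandConfiguredUrl(configured, pageIsHttps);
    let resolved;
    try {
      // Relative paths (locally hosted copies) resolve against the page URL.
      resolved = new URL(expanded, page);
    } catch {
      return { configured, resolved: null, verdict: 'invalid' };
    }
    const blocked = pageIsHttps && resolved.protocol === 'http:';
    return {
      configured,
      resolved: resolved.href,
      verdict: blocked ? 'blocked-mixed-content' : 'ok',
    };
  });
}

// Sample input: the first URL is taken from the console output above,
// the other two are constructed.
const SAMPLE_URLS = [
  'http://yui.yahooapis.com/combo?3.17.2/widget-base/assets/skins/sam/widget-base.css&3.17.2/cssbutton/cssbutton-min.css',
  '://cdn.example.test/yui/yui-min.js',
  '/local/yui/yui-min.js',
];

const ADMIN_PAGE = 'https://example.com/ezdemo_site_admin/ezmultiupload/upload/122';
for (const row of auditExternalResources(ADMIN_PAGE, SAMPLE_URLS)) {
  console.log(row.verdict.padEnd(22), row.resolved);
}
```

          Only the hard-coded "http://" entry is flagged; the "://" form and the locally hosted path both follow the page's scheme.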

          Gunnstein Lye added a comment -

          Also, there is a report that it tries to load YUI from the YAHOO CDN despite LoadFromCDN=disabled

          Gunnstein Lye added a comment - - edited

          The LoadFromCDN=disabled setting doesn't work because YUI3_config isn't set. This can be done like the following (I will run this through peer review and QA, before distribution):
          (patch removed, that approach wasn't good enough)

          Gunnstein Lye added a comment -

          PR: https://github.com/ezsystems/ezmultiupload/pull/17

          Paulo Nunes (Inactive) added a comment - - edited

          PR verified by QA and seems to solve the problem

          I'll send the issue back to dev so that the merge may proceed

          Gunnstein Lye added a comment - - edited

          Merged in
          master: https://github.com/ezsystems/ezmultiupload/commit/2ae76eda70b3a71608d74b814531c7e9015a065e
          stable-5.3: https://github.com/ezsystems/ezmultiupload/commit/f2d3f89bd3c31b13de2cb5b28440429bf5dd9a60
          stable-5.2: https://github.com/ezsystems/ezmultiupload/commit/df11c16ecba879c527a3f0979c5555e6b9907161
          stable-5.1: https://github.com/ezsystems/ezmultiupload/commit/661f6ef9a240a9b78e4938d484fb8b56e8f2fda5
          stable-5.0: https://github.com/ezsystems/ezmultiupload/commit/f25fb0cf0b464cf40fd5b4e8c8ae282f467148e3
          stable-1.6 (4.7): https://github.com/ezsystems/ezmultiupload/commit/bdda611d6a1934f2b503bb3449ac42f6bcbbe564
          stable-1.5 (4.6): https://github.com/ezsystems/ezmultiupload/commit/c0ecd264e6bc2197896845770f9823b8d60ca858
          stable-1.4 (4.5): https://github.com/ezsystems/ezmultiupload/commit/5b5a3915778600500dc86a958c2d7f48346daa5a

          Paulo Nunes (Inactive) added a comment -

          QA Approved

          Tested on 4.5, 4.6, 4.7, 5.0, 5.1, 5.2, 5.3 and 5.4


            People

            • Assignee: Unassigned
            • Reporter: Nuno Oliveira (Inactive)


            Time Tracking

            • Original Estimate: Not Specified
            • Remaining Estimate: 0 minutes
            • Time Spent: 1 day, 7 hours, 15 minutes