Messages - Hask

#1
Quote from: a1ex
Solved, thanks @Hask.

You're welcome, glad I could do something back for Magic Lantern :)
#2
Guys, this just came up in the IRC channel.

As far as I can see, this is not an HSTS but a Content-Security Policy error, and modern web browsers are just protecting their end users.

The issue is what the Console in Chrome-developer tools will immediately tell you:
XMLHttpRequest cannot load http://builds.magiclantern.fm/jenkins/view/ML%20Platforms/api/json. Received an invalid response. Origin 'https://builds.magiclantern.fm' is therefore not allowed access.

In other words, non-HTTPS resources are attempted to be loaded from an HTTPS-site and the browser is not having any of it (and rightfully so).

Looking over the AngularJS source, this comes mostly down to hardcoded http-protocols being used in the urls.

Firstly, to get it to work, I've locally changed, in the Chrome debugger, the references to the protocol in the file app.js. Change:
RestangularProvider.setBaseUrl('http://builds.magiclantern.fm/jenkins/');

so that it doesn't include the protocol (which means it'll use the protocol of the current site), so:
RestangularProvider.setBaseUrl('//builds.magiclantern.fm/jenkins/');


This is enough to get the downloads working, but, really, all the hardcoded protocols from the url-references should be deleted (or changed to HTTPS if it's really never meant to run under HTTP). There are also other errors in the console when clicking download, but at least it works.
Is the source of the app open for download somewhere? I'd happily help where I can with this.

Hope this helps!



EDIT:
Came up in the IRC-channel again.

It seems to work in IE11, but that can only be the case if you use the non-HTTPS link. If you use HTTPS, IE11 works correctly by blocking.
The difference is that if you use the non-HTTPS link in Chrome, it changes the protocol to HTTPS (because, HSTS). The site then automagically gets broken for a large part of your users.

So, I think removing the hardcoded http-references should still work, even when IE supports HSTS in the future.
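
The check described in the post above, as an added example that is not part of the original post or of the Magic Lantern build site's code: it scans script source for hardcoded `http://` URL literals, resolves each one the way a browser would against the page URL, and reports those an HTTPS page would request over plain HTTP. The sample source is constructed (only the `setBaseUrl` line comes from the post), and the function names are hypothetical.

```javascript
// Added example: audit script source for hardcoded http:// URLs that an
// HTTPS page would request insecurely (and that the browser would block).

// Constructed sample; only the first line is the one quoted in the post.
const SAMPLE_APP_JS = [
  "RestangularProvider.setBaseUrl('http://builds.magiclantern.fm/jenkins/');",
  "var docs = \"//builds.magiclantern.fm/docs/\";",
  "var icon = 'https://builds.magiclantern.fm/static/icon.png';",
  "var api = 'jenkins/api/json';",
].join('\n');

// Resolve a URL reference against the page URL as a browser does, and say
// whether an HTTPS page would end up fetching it over plain HTTP.
function resolveFor(pageUrl, ref) {
  const page = new URL(pageUrl);
  const target = new URL(ref, page); // handles '//host/path' and relative paths
  return {
    url: target.href,
    insecureOnHttpsPage: page.protocol === 'https:' && target.protocol === 'http:',
  };
}

// Collect quoted string literals that start with http://, https:// or '//'.
function findUrlLiterals(source) {
  const re = /(['"])((?:https?:)?\/\/[^'"\s]+)\1/g;
  const hits = [];
  source.split('\n').forEach((text, i) => {
    for (const m of text.matchAll(re)) hits.push({ line: i + 1, ref: m[2] });
  });
  return hits;
}

// Report each literal an HTTPS page would load insecurely, together with the
// protocol-relative form the post suggests as the replacement.
function auditMixedContent(source, pageUrl) {
  return findUrlLiterals(source)
    .filter((h) => resolveFor(pageUrl, h.ref).insecureOnHttpsPage)
    .map((h) => ({ ...h, suggestion: h.ref.replace(/^http:/, '') }));
}

console.log(auditMixedContent(SAMPLE_APP_JS, 'https://builds.magiclantern.fm/'));
```

Run against the HTTP page URL instead, the audit reports nothing, which matches the post's observation that the breakage only appears once the browser is on the HTTPS version of the site.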