Hm, if your site is on https it could be a little problematic but yeah, I am not sure if there are any proper ways around this. Is this affecting your site?

Hi Mark

Perhaps I can manually override the http URL for youtube with the beta install?

I did look at VideoFilter but wasn't sure if that is the file. If you can point me in the right direction, I'll take a look at it.

Most likely heading towards that direction so might as well dig into it now.

Hello Peter,

We are actually using "oEmbed" api to retrieve the player data from the respective video providers and I don't think there's an easy way around this. Perhaps if you can post your site details and FTP here so that I can assess the situation? Or perhaps post this on the issues page at http://stackideas.com/issues as it allows us to link issues with our internal issue tracker

I've added the site details so you can take a look.

Now that I've tested some more, this is a bigger issue than originally thought

Also create issue for tracking http://stackideas.com/issues/1558

Is it 100% necessary that ALL pages be SSL?

I use SSL for my login and account pages or where a user is making a payment. So I am very familiar with this process.
A program I use and love is Yireo SSL: http://www.yireo.com/software/joomla-extensions/ssl-redirect

It will let you choose URL's, Components, and so forth. It will also re-direct NON-SSL URL's to SSL URL's and vice versa.

Maybe it can be of help.

James

Hi James

Good find! It's not 100% necessary but you also want to avoid all browsers blocking content due to injection script attacks.

From the details, it sounds like Yireo will work for standard Joomla items. Will give it a try though. Hope it'll account for oembed, youtube, vimeo, etc. links.

Thanks for sharing!

Peter, let me know as I am also interested in what your doing here.

You can find me on Skype: hjames82

Thanks,
James

There's a problem with https especially when you are trying to embed a video for instance, and the video uses http:// instead of https:// . There's a quick way of fixing things by manually replacing http:// with https:// but the problem is there is no way to know which video provider supports https and which doesn't.

To fix this, I have added the codes in the file /media/com_easysocial/apps/user/links/links.php and at line 274 added the codes below:

		$uri 		= JURI::getInstance();



		// If necessary, replace http:// with https://

		if( $oembed && $uri->getScheme() == 'https' )

		{

			// Try to replace http:// with https://

			$oembed->html 	= str_ireplace( 'http://', 'https://' , $oembed->html );

		}

This should fix videos from Youtube but it may cause unexpected results if the video provider does not support https.

Nice Mark, looking forward to giving it a shot.

James

No problem James

Thanks Mark!! Really appreciate you looking into this and sharing a fix. I will be testing some more.

Does anyone know how Twitter handles all the different 3rd party content?

I believe these could be controlled on the server layer, http://blog.iprofs.nl/2012/04/02/preventing-mixed-content-warnings-in-your-webapplication/ but not too sure about that. I personally never tried this before.

There seems to be also another blog post here, http://www.askapache.com/htaccess/mixed-ssl-content-warning-secure-fixed.html

Here is the result of my testing via local dev ES v1.1.6:

--posted youtube video via the ES link method using the https URL = video is blocked by the browser (white video box)
shouldn't think work since https URL is used?

--posted youtube video via the ES link method using http and then replace with https via phpmyadmin = embed does not play since the image links to youtube url directly

I wanted to avoid any bug related issue with 1.2 beta which is why I chose 1.1.6

Where did I make the mistake? Was I suppose to only replace certain http URL with https

Hm, the hack that is applied earlier is only applicable to "image source files". I just tried to post a Youtube URL and it works fine on your site by the way

Hi Mark

The issue was not on the beta ES version. It was being tested locally with 1.1.6

I'm made a copy to share with you so you can see what's going on.

You mentioned that the quickest way is to add https to the URL so I must have applied it incorrectly within phpmyadmin.

I have not applied the hack you provided because I did not want to make and file edit mistakes on the 1.1.6 install.

Oh, the fix is only applied on 1.2

In that case, I'll do some more testing on v1.2

Thanks Mark.

Thanks

Is SSL 100% compatible with EasySocial now, does sharing of external content work as intended? or is it generally recommended to avoid SSL on EasySocial pages? Please advise.

Not every single link is compatible but I believe most of them should be fixed already with the built in proxy feature What the proxy feature does:

1. Detects if your site is currently on https . If it does, proceeds to the next step

2. Checks if the originating image link is http, then changes the link to your site's URL with our own query string to fetch contents from the remote image, and display it via your site's https link instead.

Do take note, that your bandwidth will be utilized quite a bit if you have constant image serving from all these remote sites.

Ah excellent news. How about speed? How much does it slow down EasySocial?

When you link from a page in your site from https to a page pulling non-http content, most browsers will flash a warning. To us who have some web administrative experience, we understand what is going on and that it is a non issue. To a lot of people however, any type of warning puts them in panic mode and they assume stupid stuff like "this site has viruses" even if the warning is totally unrelated. If you are so secure financially or otherwise that you don't care about alienating even a small percentage of your audience because they are stupid, ignorant, petty, crazy, mercurial... etc, congratulations. But for most of us, the difference between viability and failure lies in micro-percentages. These kind of details matter.

It doesn't slow down that much if your host is great but do take note that it will chew on your bandwidth because your site is basically proxying the content from the original site.

Ok, so I just installed SSL, and I get a mixed content warning when a YouTube Video is in the stream. Is this because these items were shared before SSL was enabled?

Hello Jannik,

If the previous video that you have shared is using http://, EasySocial will fix it so that it renders the video using https instead.

I wonder then if it is images of shared content that still are stored on the origin server? Could those things be imported to be served from our server with SSL?

Hello Jannik,

The only way right now is via the proxy method so that a request will be made to your server and your server will automatically fetch the contents of the image remotely and using your server to display the image instead.

Apart from that, downloading their image is going to be extremely heavy I am afraid.

Hey Mark, the problem is it still serves the YouTube screenshot from an external link without SSL. Could you make it serve from SSL? If you type SSL before the links for YouTube screenshots they still work.

I checked https://i.ytimg.com/vi/ctlo9e5MDOg/hqdefault.jpg works... so maybe you could just make YouTube images serve from https:// too

Here is how it currently serves it, changing it to https:// should do the trick

Hello Jannik,

Is it possible for you to provide us with the back end and FTP access to your site to check on this issue?

Sure here it is

While logged into my account check out this: https://statusselect.com/stream/bookmarks if you want a simple way to reach it. I will publish a login module temporarily :P

Temp login published

Can you give this a try again Jannik? Just applied some fixes on the site.

Wonderful! Thanks a million!

No problem