Hi Pascal, no, the problem is reproducable steadily - and I even know why, but I don't know how to solve it for all browsers yet. Though its definetly not a cache problem.
I can try to describe the problem again: * I am referencing the HTTPS-page https://creativecommons.org/choose/?partner=dspace in my iframe, which is embedded in a HTTPS-page. * Surprisingly enough, the embedded page is not loaded over HTTPS, but over HTTP - this causes trouble to display the page at all, because Firefox and Chromium block mixed (active) content as e.g. a reference in an iframe * in Firefox the page is displayed, if I use the HTTPS-reference. But it does not work properly (the form displayed on that page is still referenced to a HTTP-page, and this is being blocked again) * in Chromium the page is not displayed at all, its blocked due to the "mixed content problem" (this is what I do not understand, because in the source code of the page its referenced via HTTPS properly) * Using a protocol-relative URL //creativecommons.org/choose/?partner=dspace works perfectly in Firefox - it should also work in Chromium, but in fact it doesn't (there is still the error message, that mixed content is being blocked) I have prepared a public test page to illustrate what I mean: https://www.tub.tu-harburg.de/ext/iframe/test.html You can try it with different browsers using HTTP or HTTPS and see what happens... Using the HTTPS URL in Chromium does not work for all embedded iframes (although the second iframe is embedded using a HTTPS-URL and the third uses a protocol-relative URL, both should be displayed). To compare it, I have prepared an additional test with our main homepage: https://www.tub.tu-harburg.de/ext/iframe/tub.html. As you see, this works in Chromium (for the second and third iframe). So I guess the problem is related to something on creativecommons.org. Of course I can keep you updated when I find a browser-independent solution. Best regards Oliver Am 30.07.2014 um 11:44 schrieb Becker, Pascal-Nicolas: > Hi Oliver, > > I just read your mail from yesterday again. If I understand correctly it > works sometimes and sometimes not. May this be a cache problem? If you are > using XMLUI you should clean it's cache as well as the browser cache. This is > just a bold guess, but may be worth to clean all caches and try your solution > once again... > > Even if it is not a DSpace issue can you please repot a solution if you find > one? > > Regards, > Pascal > >> -----Original Message----- >> From: Oliver Goldschmidt [mailto:[email protected]] >> Sent: Wednesday, July 30, 2014 11:23 AM >> To: [email protected] >> Subject: Re: [Dspace-tech] CC-license and HTTPS in JSPUI >> >> Hi, >> >> I was able to solve this issue - at least for Firefox. As described here >> [1], you >> can leave out the protocol and reference ambedded external websites with >> //example.org. Doing that, its referenced via the same protocol as the >> embedding page. Unfortunately, this only works with Firefox (definitely not >> with Chromium, havent tried it with IE yet). >> Though, a compatible solution for all browsers of course would be more >> appropriate... >> >> But this is obviously not a DSpace issue, so I will stop reporting it here. >> >> Best regards >> Oliver >> >> [1] >> https://developer.mozilla.org/en- >> US/docs/Security/MixedContent/How_to_fix_website_with_mixed_conten >> t >> >> Am 30.07.2014 um 10:05 schrieb Oliver Goldschmidt: >>> Hi again, >>> >>> I now retried what I described yesterday in a different browser >>> (yesterday it was Firefox, today I am trying Chromium) to see if my >>> HTTPS-CC-issue is reproducable there. Answer: it is reproducable, and >>> its even worse. Although I am referencing >>> https://creativecommons.org/choose/?partner=dspace(...) , I get that >>> error message: "[blocked] The page at 'https://xyz.tuhh.de/submit' was >>> loaded over HTTPS, but ran insecure content from >>> 'http://creativecommons.org/choose/?partner=dspace(...)': this content >>> should also be loaded over HTTPS." >>> >>> In Chromium, the problem is already on the cc-licence-page: the iframe >>> is white without any content. >>> >>> Any ideas? >>> >>> Best regards >>> Oliver >>> >>> Am 29.07.2014 um 17:19 schrieb Oliver Goldschmidt: >>>> Hello all, >>>> >>>> I have a very weird problem with creativecommons.org and DSpace. >>>> Perhaps anyone here has an idea about that. >>>> The scenario is the following: I have DSpace configured, that its >>>> always loaded over HTTPS (by redirecting any call to Port 443). That >>>> works fine. But coming to the publication there is a problem. I have >>>> also enabled the CC-license step. As I reached that step in the >>>> publication process, I only got a white page inside the cc-iframe. I >>>> figured out, why that happened: a URL at creativecommons.org is >>>> embedded in an iframe, and loading a normal HTTP-URL in a HTTPS page >>>> iframe is forbidden. Though, I changed the URL of creativecommons.org >>>> in submit/creative-commons.jsp to its HTTPS-equivalent: >>>> https://creativecommons.org/choose/?partner=dspace. >>>> Now it worked and I got the creativecommons-page inside the iframe. >>>> But something is still wrong: I cannot select a license. Its getting >>>> blocked, because the browser is still getting mixed content. >>>> Obviously the creativecommons.org-page is not loaded via HTTPS, but >>>> via HTTP, although the URL points to HTTPS (and is displayed in the >>>> HTTPS-iframe, while its not displayed using the HTTP-URL). I can even >> reproduce this: >>>> clicking on the link >>>> https://creativecommons.org/choose/?partner=dspace >>>> gets me to the unencrypted version of the page. Only when I manually >>>> edit the URL in my browser window, I get to the real HTTPS address. >>>> Thats really odd... >>>> >>>> Perhaps someone can reproduce that or has an idea how to fix that. >>>> >>>> Any hints are appreciated! >>>> >>>> Best regards >>>> Oliver >>>> >>>> --------------------------------------------------------------------- >>>> --------- >>>> Infragistics Professional >>>> Build stunning WinForms apps today! >>>> Reboot your WinForms applications with our WinForms controls. >>>> Build a bridge from your legacy apps to the future. >>>> >> http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg >>>> .clktrk _______________________________________________ >>>> DSpace-tech mailing list >>>> [email protected] >>>> https://lists.sourceforge.net/lists/listinfo/dspace-tech >>>> List Etiquette: >>>> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette >>> ---------------------------------------------------------------------- >>> -------- >>> Infragistics Professional >>> Build stunning WinForms apps today! >>> Reboot your WinForms applications with our WinForms controls. >>> Build a bridge from your legacy apps to the future. >>> >> http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg. >>> clktrk _______________________________________________ >>> DSpace-tech mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/dspace-tech >>> List Etiquette: >>> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette >> >> ------------------------------------------------------------------------------ >> Infragistics Professional >> Build stunning WinForms apps today! >> Reboot your WinForms applications with our WinForms controls. >> Build a bridge from your legacy apps to the future. >> http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.cl >> ktrk >> _______________________________________________ >> DSpace-tech mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/dspace-tech >> List Etiquette: >> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette ------------------------------------------------------------------------------ Infragistics Professional Build stunning WinForms apps today! Reboot your WinForms applications with our WinForms controls. Build a bridge from your legacy apps to the future. http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk _______________________________________________ DSpace-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
