In a project I'm working on, we use captcha in an https url.
We get a premium account to avoid unsecure content on the page (as default account doesn't support https).
The captcha works right with image but when click on audio there are 2 problems :
First problem
Object tag contains http url:
codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#vers..."
Browsers doesn't care about that excepts IE that show the bellow modal :
For non-french speakers it means that secure and not secure content are mixed into the page and it asks user if he want to display only secure content. And this is espacialy to avoid this kind of warnings that we bought a premium account.
I simply tried change this url's protocols by https and warn message is over.
(download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0 responds 200 in both protocols)
Second problem :
Even if the swf load, when click on the play button, nothing happen.
When mp3 is called, I get those response header :
GET /v1/captcha/120524685c1a7635f1.mp3 HTTP/1.1
Accept: */*
Accept-Language: fr-FR
Referer: https://mydomain.com/sites/all/modules/contrib/mollom/mollom-captcha-player.swf?url=https%3A//xmlrpc2.mollom.com%3A443/v1/cap
x-flash-version: 11,2,202,235
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.3)
Host: xmlrpc2.mollom.com
Connection: Keep-Alive
HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1.2-b16 Java/Sun Microsystems Inc./1.6)
Server: GlassFish Server Open Source Edition 3.1.2-b16
Cache-Control: no-cache, no-store, no-transform, must-revalidate
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: audio/mp3
Content-Length: 39240
Date: Thu, 24 May 2012 14:37:53 GMT
In first sight it looks correct but I get also
URL: https://xmlrpc2.mollom.com/v1/captcha/120524685c1a7635f1.mp3
Content Type: audio/mp3
Headers size (bytes): 810
Data size (bytes): 0
Total size (bytes): 810
Transferred data size (bytes): 810
Cached data: No
Error result: 0x800c0008
Error constant: INET_E_DOWNLOAD_FAILURE
Error description: The download has failed (the connection was interrupted)
Extended error result: 0x2f7e
After investigations I found that the problem is a "design feature" in Internet Explorer (<= 8).
Loading data via SSL into the Flash Player ActiveX control will not work if the server includes a "no-cache" value in "Cache-Control".
Source : http://helpx.adobe.com/flash-player/kb/flash-player-issues-secure-socket...
I guess it can't be fixed at module's level but in mollom server.
Comment | File | Size | Author |
---|---|---|---|
#3 | mollom.captcha-audio-ssl.3.patch | 851 bytes | sun |
#1 | mollom-use-https-for-audio-captcha-object-tags-codebase-url-1598946-1.patch | 964 bytes | jgtrescazes |
Comments
Comment #1
jgtrescazes CreditAttribution: jgtrescazes commentedHere is a little patch to change http by https in audio captcha's html tag attributes.
This avoid IE warning about unsecured content.
Comment #3
sunLet's simply use a protocol-free URI then.
I'll also forward the HTTP header issue to the Mollom engineering team.
Comment #4
sunThanks for reporting, reviewing, and testing! Committed to all 2.x branches.
A new development snapshot will be available within the next 12 hours. This improvement will be available in the next official release.
As you already mentioned, the HTTP response headers need to be adjusted on the Mollom service backend.
Comment #5
jgtrescazes CreditAttribution: jgtrescazes commentedOk, thanks.
Do you know when the next official release would be available ?