In a project I'm working on, we use captcha in an https url.
We get a premium account to avoid unsecure content on the page (as default account doesn't support https).
The captcha works right with image but when click on audio there are 2 problems :
Object tag contains http url:
Browsers doesn't care about that excepts IE that show the bellow modal :
For non-french speakers it means that secure and not secure content are mixed into the page and it asks user if he want to display only secure content. And this is espacialy to avoid this kind of warnings that we bought a premium account.
I simply tried change this url's protocols by https and warn message is over.
(download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0 responds 200 in both protocols)
Second problem :
Even if the swf load, when click on the play button, nothing happen.
When mp3 is called, I get those response header :
GET /v1/captcha/120524685c1a7635f1.mp3 HTTP/1.1 Accept: */* Accept-Language: fr-FR Referer: https://mydomain.com/sites/all/modules/contrib/mollom/mollom-captcha-player.swf?url=https%3A//xmlrpc2.mollom.com%3A443/v1/cap x-flash-version: 11,2,202,235 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.3) Host: xmlrpc2.mollom.com Connection: Keep-Alive HTTP/1.1 200 OK X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1.2-b16 Java/Sun Microsystems Inc./1.6) Server: GlassFish Server Open Source Edition 3.1.2-b16 Cache-Control: no-cache, no-store, no-transform, must-revalidate Expires: Wed, 31 Dec 1969 23:59:59 GMT Content-Type: audio/mp3 Content-Length: 39240 Date: Thu, 24 May 2012 14:37:53 GMT
In first sight it looks correct but I get also
URL: https://xmlrpc2.mollom.com/v1/captcha/120524685c1a7635f1.mp3 Content Type: audio/mp3 Headers size (bytes): 810 Data size (bytes): 0 Total size (bytes): 810 Transferred data size (bytes): 810 Cached data: No Error result: 0x800c0008 Error constant: INET_E_DOWNLOAD_FAILURE Error description: The download has failed (the connection was interrupted) Extended error result: 0x2f7e
After investigations I found that the problem is a "design feature" in Internet Explorer (<= 8).
Loading data via SSL into the Flash Player ActiveX control will not work if the server includes a "no-cache" value in "Cache-Control".
Source : http://helpx.adobe.com/flash-player/kb/flash-player-issues-secure-socket...
I guess it can't be fixed at module's level but in mollom server.
PASSED: [[SimpleTest]]: [MySQL] 4,229 pass(es). View
FAILED: [[SimpleTest]]: [MySQL] Unable to apply patch mollom-use-https-for-audio-captcha-object-tags-codebase-url-1598946-1.patch. Unable to apply patch. See the log in the details link for more information. View