Similar to #1357044: Mollom Statistics Page Breaks SSL, but this seems to be a different issue.


The specific error is

The page at [URL] displayed insecure content from
#3 mollom.protocol.3.patch495 byteseshta
PASSED: [[SimpleTest]]: [MySQL] 6,969 pass(es). View
mollom_ssl.png182.9 KBgrendzy


sun’s picture

Priority: Normal » Minor

Hm. The schema seems to be hard-coded in the .swf that is hosted on; i.e., not part of the Mollom module.

I've reported this issue upstream. Will leave this issue open until the upstream issue is fixed.

eshta’s picture

Issue summary: View changes
Status: Active » Fixed

Thi has been fixed now. The swf will pull data from http or https depending on the protocol of the calling page.

Please re-open if you continue to see any ssl errors.

eshta’s picture

Status: Fixed » Needs review
Issue tags: +Needs backport to 6.x
495 bytes
PASSED: [[SimpleTest]]: [MySQL] 6,969 pass(es). View

Spoke too soon. In order to enable this we also need to enable javascript access from the SWF in order to utilize scripting to read the protocol from the url. I'm attaching a patch that addresses this.

sun’s picture

Status: Needs review » Reviewed & tested by the community

Looks good to me.

eshta’s picture

Thanks - but the more I think of it. This doesn't have to be necessary. The module includes the swf from a secure domain already, there really isn't a reason to load the data from an insecure protocol other than a minimal speed gain. Perhaps the url for the feed should just always be secure.

eshta’s picture

Status: Reviewed & tested by the community » Fixed
Issue tags: -Needs backport to 6.x

This should be fixed based on some work done to the statistics SWF itself and no longer needs the patch. Since all modules include the SWF from the secure domain, the data is just pulled from the secure domain as well. Therefore no changes are needed to Flash permissions, etc.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.