Closed gscshoyru closed 8 years ago
Yep, reproduced it. Looks like a "feature" of chrome, but will hopely find a workaround.
...turns out it's a bug, not a feature -- found the relevant issue here: http://code.google.com/p/chromium/issues/detail?id=437440&q=mixed%20content%20blob&colspec=ID%20Pri%20M%20Week%20ReleaseBlock%20Cr%20Status%20Owner%20Summary%20OS%20Modified . But my guess is they're not going to fix it anytime soon.
fixed in 0.3.0
This does not appear to be fixed -- trying https://asvd.github.io/jailed/demos/web/console/ in chrome fails to work at all, and the web console gives the usual "mixed content" error.
If you did manage to fix this somehow, and just didn't update your demos, I would love to know how you did so.
You are right, the demos still use the old sources, thanks for the point.
As far as I remember, the problem was fixed by getting rid of a worker in case when it cannot be properly initialized. (Because the sandbox is provided by an iframe, not a worker)
Updated the website, seems like it works now (after clearing the browser cache)
By the way, the error on the console should still be there, because there was no way to find out programmatically if a worker did not initialize. Jailed just waits for some time until a worker responds, and fallbacks to a solution without a worker otherwise.
But the sandboxing should work, along with the demo.
Yup, demos work now.
And thanks for the explanations -- for a moment I thought someone had found a way to get sandboxed web-workers to work. Sadly, this is not the case, still. I guess we still need to wait on chrome fixing their bug.
I'm not certain if this is a bug on chrome or a bug on you, but -- if you load your demo page here as https instead of http, then you get an error "Mixed Content: The page at 'https://asvd.github.io/jailed/lib/_frame.html' was loaded over HTTPS, but requested an insecure Worker script 'blob:null/74057946-5764-4cbe-8f84-32e392c3885f'. This request has been blocked; the content must be served over HTTPS.". It's likely a bug on chrome, but thought you should be aware, and might possibly want to implement some kind of workaround until chrome fixes it.