asvd / jailed

execute untrusted code with custom permissions
MIT License

Jailed does not work with https in chrome #7

Closed gscshoyru closed 8 years ago

gscshoyru commented 9 years ago

I'm not certain if this is a bug on chrome or a bug on you, but -- if you load your demo page here as https instead of http, then you get an error "Mixed Content: The page at 'https://asvd.github.io/jailed/lib/_frame.html' was loaded over HTTPS, but requested an insecure Worker script 'blob:null/74057946-5764-4cbe-8f84-32e392c3885f'. This request has been blocked; the content must be served over HTTPS.". It's likely a bug on chrome, but thought you should be aware, and might possibly want to implement some kind of workaround until chrome fixes it.

asvd commented 9 years ago

Yep, reproduced it. Looks like a "feature" of chrome, but will hopefully find a workaround.

gscshoyru commented 9 years ago

...turns out it's a bug, not a feature -- found the relevant issue here: http://code.google.com/p/chromium/issues/detail?id=437440&q=mixed%20content%20blob&colspec=ID%20Pri%20M%20Week%20ReleaseBlock%20Cr%20Status%20Owner%20Summary%20OS%20Modified . But my guess is they're not going to fix it anytime soon.

asvd commented 8 years ago

fixed in 0.3.0

gscshoyru commented 8 years ago

This does not appear to be fixed -- trying https://asvd.github.io/jailed/demos/web/console/ in chrome fails to work at all, and the web console gives the usual "mixed content" error.

If you did manage to fix this somehow, and just didn't update your demos, I would love to know how you did so.

asvd commented 8 years ago

You are right, the demos still use the old sources, thanks for the point.

As far as I remember, the problem was fixed by getting rid of a worker in the case when it cannot be properly initialized (because the sandbox is provided by an iframe, not a worker).

asvd commented 8 years ago

Updated the website, seems like it works now (after clearing the browser cache)

asvd commented 8 years ago

By the way, the error on the console should still be there, because there was no way to find out programmatically if a worker did not initialize. Jailed just waits for some time until a worker responds, and falls back to a solution without a worker otherwise.

But the sandboxing should work, along with the demo.
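
The wait-then-fall-back behaviour described in the comment above, as an added example that is not part of the thread and not Jailed's own code. `startPlugin`, `spawnWorker`, `runInFrame`, `makeSilentWorker` and the `ready`/`execute` message types are hypothetical names chosen for illustration.

```javascript
// Added illustration, not Jailed's source; all names here are hypothetical.
// spawnWorker(): returns a Worker-like object (in a browser: () => new Worker(url)).
// runInFrame(code): runs code directly in the sandboxed iframe, without a worker.
function startPlugin(spawnWorker, runInFrame, timeoutMs) {
  return new Promise((resolve) => {
    let settled = false;
    let worker = null;
    let timer = null;

    const fallBack = (reason) => {
      if (settled) return;
      settled = true;
      clearTimeout(timer);
      // Kill a worker that may still come up late, so code never runs twice.
      if (worker) worker.terminate();
      resolve({ mode: 'frame', reason, run: runInFrame });
    };

    try {
      worker = spawnWorker(); // the constructor may throw synchronously
    } catch (err) {
      fallBack('constructor threw');
      return;
    }

    worker.onmessage = (event) => {
      // Only an explicit handshake counts; ignore anything after settling.
      if (settled || !event.data || event.data.type !== 'ready') return;
      settled = true;
      clearTimeout(timer);
      const run = (code) => worker.postMessage({ type: 'execute', code });
      resolve({ mode: 'worker', reason: 'handshake', run });
    };
    worker.onerror = () => fallBack('error event');

    // Per the thread, a blocked worker cannot be detected programmatically,
    // so silence for timeoutMs is treated as "worker unavailable".
    timer = setTimeout(() => fallBack('handshake timeout'), timeoutMs);
  });
}

// Constructed stand-in for a worker whose script was blocked: it never answers.
function makeSilentWorker() {
  return { terminated: false, onmessage: null, onerror: null,
           postMessage() {}, terminate() { this.terminated = true; } };
}
```

The fallback path only preserves isolation because, as stated in the thread, the sandbox is provided by the iframe and not by the worker.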

gscshoyru commented 8 years ago

Yup, demos work now.

And thanks for the explanations -- for a moment I thought someone had found a way to get sandboxed web-workers to work. Sadly, this is not the case, still. I guess we still need to wait on chrome fixing their bug.