Referencing yui.yahoo stuff is not nice with HTTPS

[disy-mk]

My browser is complaining that some scripts were blocked, as they would be insecure to load, while accessing my pad via HTPPS.

(e.g http://yui.yahooapis.com/2.9.0/build/dragdrop/dragdrop-min.js)

And indeed yahoo seems not to offer access to their apis via https (WTF?!?). Maybe we should use a local copy of what we are loading remotely?

[t2d]

Yes please!

[0x46616c6b]

+1

[quenenni]

Instead of writing yahoo links with the protocol, you can do it like this:

background-image:url( //yui.yahooapis.com/....;

Without the 'http:', your browser will choose between http and https depending of the protocol used for your pad.

But the other problem is that since several months, the access to yahoo apis seem to be unstable (https://developer.yahoo.com/forum/OAuth-General-Discussion-YDN-SDKs/http-social-yahooapis-com-Will-be-right-back/1395509802423-89faffa2-1503-486d-bc29-6505719bd774)

And just now, for the version 2.9.0 used by this plugin, I can only access the http and not the https files (well done Yahoo!!!)

I downloaded the yahoo api from github (https://github.com/yui/yui2/) and put it locally (the v2.8 coz 2.9 doesn't seem to exist there), change all the links in the files. The page loaded well, no more errors from http <-> https problem, but then, when clicking the table button I had this error:

• In Firefox / Iceweasel

[WARN] client - Error: Permission denied to access property 'templatesMenu' -- { errorId: 'R5QyAaK47KRl4Ud5D7SU',
  msg: 'Error: Permission denied to access property \'templatesMenu\'',
  url: 'https://pad.xxxx.net/p/g.1xV8WVJ5X7O9M',
  linenumber: 3,
  userAgent: 'Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0 Iceweasel/30.0a2' }

• In Chrome:

[WARN] client - Uncaught SecurityError: Blocked a frame with origin "https://pad.xxxx.net" from accessing a cross-origin frame. -- { errorId: 'B6nwAAyjxVpNkpKvY2Bp',
  msg: 'Uncaught SecurityError: Blocked a frame with origin "https://pad.xxxx.net" from accessing a cross-origin frame.',
  url: 'https://pad.xxxxx.net/p/g.1xV8WVJ5X7O9M',
  linenumber: 4,
  userAgent: 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.132 Safari/537.36' }

I tried also with a more recent version of the yahoo api (3.2) as v2.9 is 3 years old, but then lots of changes were done and files are missing (well under another name or merged inside another one or ..).

With the error in Firefox, I searched for 'templatesMenu', found it in statis/js/dataTables.js (line 17) and removed it, but still the same error (??)

I also tried the modified version of this plugin by xshadow (https://github.com/xshadow/ep_tables/tree/47307c4b4b6f2aadee5a53588d02c6c4f0ce85df) that says "Etherpad Lite Tables plugin with full https support" but no luck (he didn't change any yahoo link to remove the http part?!).

I'm very sad, but I wasn't able to make it work.

If anyone has another idea, I'm all ears :)

[quenenni]

Well, it appears that is was a good solution to bring the yahoo api locally. There arent so many yahoo references to modify.

After being sure to have clear all caches, I didn't have any http <-> https problems.

The error I told just after, I fixed it. See #12