ualbertalib / HydraNorth

This repo is deprecated. Succeeded by https://github.com/ualbertalib/jupiter. This codebase was an IR built on Samvera/Sufia.

Front page contains http download of sign-in form #1159

Closed pbinkley closed 8 years ago

pbinkley commented 8 years ago

The front page of ERA in production currently attempts to download http://era.library.ualberta.ca/users/sign_in. It gets redirected to https, but it causes the page to be flagged as insecure in Firefox's location bar. The request seems to be caused by an attempt to load the thumbnail of a ccid-protected item in the "Recent Documents" box (currently https://era.library.ualberta.ca/downloads/3j333490f?file=thumbnail).

Just for context: This problem of ccid-protected thumbnails shows up elsewhere too. If you aren't logged in and you browse a collection that contains a ccid-protected item, you get that bar at the top of the results telling you you need to log in to see "this item". If you log in, you're taken to a thumbnail image. I assume this is what triggered the message, and Sufia assumes that it is what you were trying to see when you logged in.
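The redirect chain described in the comment above, as an added example that is not part of the original thread: it follows a subresource through its redirects and reports any cleartext hop, which a check of the `src` scheme alone would miss. The redirect table and its status codes are constructed to mirror the report, and `redirect_chain` and `insecure_hops` are hypothetical helper names.

```ruby
require 'uri'

# Constructed redirect table standing in for the live site: each URL maps to
# [status, Location]. The URLs come from the issue; the status codes are assumed.
REDIRECTS = {
  'https://era.library.ualberta.ca/downloads/3j333490f?file=thumbnail' =>
    [302, 'http://era.library.ualberta.ca/users/sign_in'],
  'http://era.library.ualberta.ca/users/sign_in' =>
    [301, 'https://era.library.ualberta.ca/users/sign_in'],
  'https://era.library.ualberta.ca/users/sign_in' => [200, nil]
}.freeze

# Follow a URL through the table and return every hop, starting URL included.
# The limit stops a redirect loop from running forever.
def redirect_chain(url, table, limit = 10)
  chain = [url]
  limit.times do
    status, location = table.fetch(chain.last) { [nil, nil] }
    break unless location && (300..399).cover?(status)
    # Location may be relative, so resolve it against the current hop.
    chain << URI.join(chain.last, location).to_s
  end
  chain
end

# Hops the browser fetches over http while rendering an https page.
# Any result here is enough for the page to be flagged as mixed content.
def insecure_hops(page_url, subresource_url, table)
  return [] unless URI(page_url).scheme == 'https'
  redirect_chain(subresource_url, table).select { |u| URI(u).scheme == 'http' }
end

if __FILE__ == $PROGRAM_NAME
  thumb = 'https://era.library.ualberta.ca/downloads/3j333490f?file=thumbnail'
  puts insecure_hops('https://era.library.ualberta.ca/', thumb, REDIRECTS)
end
```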

pgwillia commented 8 years ago

This is a Solr document for the item. Note that it is in the public group.

{
        "system_create_dtsi":"2016-05-30T18:38:48Z",
        "system_modified_dtsi":"2016-05-30T18:40:57Z",
        "active_fedora_model_ssi":"GenericFile",
        "has_model_ssim":["GenericFile"],
        "id":"3j333490f",
        "object_profile_ssm":["{\"id\":\"3j333490f\",\"mime_type\":\"application/pdf\",\"format_label\":[\"PDF/X\"],\"file_size\":[\"324864\"],\"last_modified\":[\"2016:05:30 12:38:55-06:00\"],\"filename\":[\"20160527 00-00-00.0DailyRecordNon-Pro.pdf\"],\"original_checksum\":[\"58450ba09d9d87f520e7242daeece765\"],\"rights_basis\":[],\"copyright_basis\":[],\"copyright_note\":[],\"well_formed\":[],\"valid\":[],\"status_message\":[],\"file_title\":[],\"file_author\":[],\"page_count\":[],\"file_language\":[],\"word_count\":[],\"character_count\":[],\"paragraph_count\":[],\"line_count\":[],\"table_count\":[],\"graphics_count\":[],\"byte_order\":[],\"compression\":[],\"color_space\":[],\"profile_name\":[],\"profile_version\":[],\"orientation\":[],\"color_map\":[],\"image_producer\":[],\"capture_device\":[],\"scanning_software\":[],\"exif_version\":[],\"gps_timestamp\":[],\"latitude\":[],\"longitude\":[],\"character_set\":[],\"markup_basis\":[],\"markup_language\":[],\"bit_depth\":[],\"channels\":[],\"data_format\":[],\"offset\":[],\"frame_rate\":[],\"label\":\"20160527 00-00-00.0DailyRecordNon-Pro.pdf\",\"depositor\":\"eraadmi@ualberta.ca\",\"relative_path\":\"\",\"import_url\":null,\"part_of\":[],\"resource_type\":[\"Report\"],\"title\":[\"Daily Record, Friday, May 27, 2016\"],\"creator\":[\"Toronto Stock Exchange\"],\"contributor\":[],\"description\":[],\"rights\":\"Use of this product is restricted to current faculty, staff, and students of the University. It is the  responsibility of each user to ensure that he or she uses this product for individual, non-  commercial educational or research purposes only, and does not systematically download or  retain substantial portions of information.  
Users may not reproduce or redistribute  unprocessed/raw data portions of the data to any third party, or otherwise engage in the  systematic retransmission or commercialization of the data.\",\"publisher\":[],\"date_created\":\"2016/05/27\",\"date_modified\":\"2016-05-30T18:38:47.189+00:00\",\"subject\":[\"Toronto Stock Exchange-- Periodicals\",\"Stock exchanges-- Canada-- Tables-- Periodicals\"],\"language\":\"English\",\"identifier\":[],\"related_url\":\"\",\"source\":\"\",\"proxy_depositor\":null,\"on_behalf_of\":null,\"date_uploaded\":\"2016-05-30T18:38:47.189+00:00\",\"license\":\"I am required to use/link to a publisher's license\",\"trid\":null,\"ser\":null,\"temporal\":[],\"spatial\":[],\"is_version_of\":\"\",\"unicorn\":null,\"fedora3uuid\":null,\"fedora3handle\":null,\"ingestbatch\":null,\"hasCollection\":[\"Daily Record (Toronto Stock Exchange)\"],\"belongsToCommunity\":[\"wh246v792\"],\"hasCollectionId\":[\"44558s34k\"],\"year_created\":\"2016\",\"remote_resource\":null,\"degree_grantor\":null,\"dissertant\":null,\"supervisor\":[],\"committee_member\":[],\"department\":[],\"specialization\":null,\"date_submitted\":null,\"date_accepted\":null,\"graduation_date\":null,\"alternative_title\":[],\"thesis_name\":null,\"thesis_level\":null,\"proquest\":null,\"abstract\":null,\"batch_id\":\"bb5644r643\",\"embargo_id\":null,\"lease_id\":null}"],
        "mime_type_tesim":["application/pdf"],
        "depositor_ssim":["eraadmi@ualberta.ca"],
        "depositor_tesim":["eraadmi@ualberta.ca"],
        "resource_type_tesim":["Report"],
        "title_tesim":["Daily Record, Friday, May 27, 2016"],
        "creator_tesim":["Toronto Stock Exchange"],
        "rights_tesim":["Use of this product is restricted to current faculty, staff, and students of the University. It is the  responsibility of each user to ensure that he or she uses this product for individual, non-  commercial educational or research purposes only, and does not systematically download or  retain substantial portions of information.  Users may not reproduce or redistribute  unprocessed/raw data portions of the data to any third party, or otherwise engage in the  systematic retransmission or commercialization of the data."],
        "date_created_tesim":["2016/05/27"],
        "date_created_ssi":"2016/05/27",
        "date_modified_dtsi":"2016-05-30T18:38:47Z",
        "subject_tesim":["Toronto Stock Exchange-- Periodicals",
          "Stock exchanges-- Canada-- Tables-- Periodicals"],
        "language_tesim":["English"],
        "isPartOf_ssim":["bb5644r643"],
        "date_uploaded_dtsi":"2016-05-30T18:38:47Z",
        "license_tesim":["I am required to use/link to a publisher's license"],
        "hasCollection_ssim":["Daily Record (Toronto Stock Exchange)"],
        "hasCollection_tesim":["Daily Record (Toronto Stock Exchange)"],
        "belongsToCommunity_ssim":["wh246v792"],
        "belongsToCommunity_tesim":["wh246v792"],
        "hasCollectionId_ssim":["44558s34k"],
        "hasCollectionId_tesim":["44558s34k"],
        "year_created_tesim":["2016"],
        "label_tesim":["20160527 00-00-00.0DailyRecordNon-Pro.pdf"],
        "file_format_tesim":["pdf (PDF/X)"],
        "file_size_is":324864,
        "read_access_group_ssim":["public",
          "university_of_alberta"],
        "edit_access_person_ssim":["eraadmi@ualberta.ca"],
        "_version_":1535779704205737984,
        "timestamp":"2016-05-30T18:40:59.559Z",
        "score":1.0},

pbinkley commented 8 years ago

After discussion with @leahvanderjagt, the preferred solution is to check permissions when building a link to a thumbnail, and link to the generic thumbnail if the user doesn't have permission to download this item. We would need to be careful about the caching, so that the user would not still see the cached generic thumbnail after they log in. If this is more than a couple hours' work, though, let's discuss leaving it for now.

We must change the http call to https, though, to prevent browsers from showing the encryption of the site as incomplete.
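One way to implement the approach in the comment above, as an added example that is not part of the original thread or the project's code: the link is chosen by a permission check, and the cache key includes the outcome so a generic thumbnail cached for an anonymous visitor is not served after login. `can_download?`, `ThumbnailCache`, the `protected` flag and the `/assets/default.png` path are assumptions standing in for the application's own ability check, fragment cache and asset URL.

```ruby
require 'erb'

DEFAULT_THUMBNAIL = '/assets/default.png' # assumed URL for Sufia's default.png

# Hypothetical stand-in for the app's ability check (e.g. CanCan's can?).
# Constructed rule: a protected item is downloadable only when signed in.
def can_download?(user, item)
  !item[:protected] || !user.nil?
end

# Build the <img> tag. Without permission the protected /downloads URL is
# never emitted, so the browser has nothing that redirects to the sign-in form.
def thumbnail_tag(user, item)
  src = if can_download?(user, item)
          "/downloads/#{item[:id]}?file=thumbnail"
        else
          DEFAULT_THUMBNAIL
        end
  alt = ERB::Util.html_escape("Thumbnail of #{item[:title]}")
  %(<img class="img-responsive" alt="#{alt}" src="#{src}">)
end

# Minimal fragment cache. The key carries the permission outcome, so the
# anonymous and signed-in renderings are stored as separate entries.
class ThumbnailCache
  def initialize
    @store = {}
  end

  def fetch(user, item)
    key = [item[:id], can_download?(user, item)]
    @store[key] ||= thumbnail_tag(user, item)
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample item using the id and title from the issue.
  item = { id: '3j333490f', title: 'Daily Record, Friday, May 27, 2016',
           protected: true }
  cache = ThumbnailCache.new
  puts cache.fetch(nil, item)        # anonymous visitor
  puts cache.fetch('ccid-user', item) # same cache, after login
end
```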

pgwillia commented 8 years ago

image_tag download_path(@generic_file, file: 'thumbnail'), { class: "img-responsive", alt: "#{title} of #{@generic_file.title.first}" }

results in <img class="img-responsive" alt="Download the full-sized PDF of Daily Record, Friday, May 27, 2016" src="/downloads/3j333490f?file=thumbnail">

Apparently a fix to the https problem would be src="//downloads/3j333490f?file=thumbnail". At the moment not sure how to make that happen.

pgwillia commented 8 years ago

@pbinkley @leahvanderjagt do you have a preferred 'generic thumbnail' for display?

I'm hoping I can do something like <img src="404.jpg" onerror="this.src='substitute.jpg';this.removeAttribute('onerror');">

pbinkley commented 8 years ago

I was assuming the default one that Sufia shows when an item hasn't been characterized: https://github.com/projecthydra/sufia/blob/6.x-stable/app/assets/images/default.png .

leahvanderjagt commented 8 years ago

Yes, that's the one.

pgwillia commented 8 years ago

@henryzhang87 can we change ./hydra/roles/hydra/templates/production.rb.j2: # config.force_ssl = true so that the line is uncommented? I think this is the key to having the login redirects stay https.

pgwillia commented 8 years ago

@mbarnett @pbinkley See my June 7 comment.