search

vizorvr / patches

Patches is a visual programming editor for building WebVR and WebGL experiences.
http://patches.vizor.io
MIT License
204 stars 44 forks source link

Embed in user-page does not give functioning http://vizor.io instead just says /scripts/embed.js #2014

Open esaruoho opened 7 years ago

esaruoho commented 7 years ago

current embed code generation in profile_view ( http://vizor.io/esaruoho -> select project -> tap on Share) is missing http://vizor.io at the start

your_files

compare to what was launched way back when ( https://twitter.com/vizor_vr/status/731213475037466625 - officially posted on 13th of May 2016 on Vizor_VR) - pasted image at 2017_07_01 11_26 pm

and you'll see that really, the embed code SHOULD be created with http://vizor.io/scripts/embed.js instead of only /scripts/embed.js

the user cannot be expected to figure this out on their own. (example of confused user: https://vizorvr.slack.com/archives/C0D7S35JQ/p1498874721217943 )

gmarinov commented 7 years ago

this might take a bit of untangling. my working copy references e.g. //localhost as expected

screen shot 2017-07-04 at 16 28 26

<script src="//localhost:8000/scripts/embed.js" data-vizorurl="//localhost:8000/embed/eesn/six" ></script>

the reason we use // instead of http:// or https:// is because some browsers e.g. Chrome, deny the parent frame (the page on which the embed happens) communicating with the child iframe created by embed.js (which shows the vizor experience), so iframeWindow.postMessage fails, and relaying of e.g. devicemotion events fails, which has implications for mobile.

edit: ref https://github.com/vizorvr/vizor/commit/0f30744

gmarinov commented 7 years ago

seems to be this snippet in app.js that forces the page to https but for the embed and embedded content it should keep to whatever the protocol was

app.use((req, res, next) => {
    // Google Cloud Load Balancer: redirect to https if not secure
    var fwdProto = req.get('x-forwarded-proto')
    if (!fwdProto)
        return next()

    if (fwdProto !== 'https')
        return res.redirect('https://' + req.get('host') + req.url)

    next()
})
esaruoho commented 7 years ago

@kschzt Jaakko might you have a solution for this?

gmarinov commented 7 years ago

tag @kschzt we're forcing https on route(s) that should remain open to both http and https - the embed and embedded project need to keep the same protocol as the page on which the vizor project is embedded. hälp

esaruoho commented 6 years ago

Notice this is related to userpage sharing, not "in-patches-editor-sharing".

screen shot 2017-11-03 at 13 04 28