search

voc / voctoweb

voctoweb – the frontend and backend software behind media.ccc.de
GNU General Public License v3.0
187 stars 55 forks source link

CORS and Mixed content errors on player page #211

Closed bjoern-r closed 7 years ago

bjoern-r commented 7 years ago

when trying to play a video via https [1] and a http only mirror is selected the player is not shown at all. I only see the preview image with no controls.

33c3-7912-spiegelmining_reverse_engineering_von_spiegel-online:1 Mixed Content: The page at 'https://media.ccc.de/v/33c3-7912-spiegelmining_reverse_engineering_von_spiegel-online' was loaded over HTTPS, but requested an insecure video 'http://cdn.media.ccc.de/congress/2016/h264-hd/33c3-7912-deu-SpiegelMining_-_Reverse_Engineering_von_Spiegel-Online.mp4'. This content should also be served over HTTPS.
33c3-7912-spiegelmining_reverse_engineering_von_spiegel-online:1 Access to Image at 'https://static.media.ccc.de/media/congress/2016/7912-hd_preview.jpg' from origin 'https://media.ccc.de' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://media.ccc.de' is therefore not allowed access.
application-48a283b….js:6 asking cdn for mirror at https://cdn.media.ccc.de/congress/2016/h264-hd/33c3-7912-deu-SpiegelMining_-_Reverse_Engineering_von_Spiegel-Online.mp4
application-48a283b….js:6 asking cdn for mirror at https://cdn.media.ccc.de/congress/2016/h264-hd/33c3-7912-eng-SpiegelMining_-_Reverse_Engineering_von_Spiegel-Online.mp4
application-48a283b….js:6 asking cdn for mirror at https://cdn.media.ccc.de/congress/2016/h264-hd/33c3-7912-fra-SpiegelMining_-_Reverse_Engineering_von_Spiegel-Online.mp4
application-48a283b….js:6 asking cdn for mirror at https://cdn.media.ccc.de/congress/2016/h264-hd/33c3-7912-deu-eng-fra-SpiegelMining_-_Reverse_Engineering_von_Spiegel-Online_hd.mp4
application-48a283b….js:6 asking cdn for mirror at https://cdn.media.ccc.de/congress/2016/h264-sd/33c3-7912-deu-eng-fra-SpiegelMining_-_Reverse_Engineering_von_Spiegel-Online_sd.mp4
application-48a283b….js:6 asking cdn for mirror at https://cdn.media.ccc.de/congress/2016/webm-sd/33c3-7912-deu-eng-fra-SpiegelMining_-_Reverse_Engineering_von_Spiegel-Online_webm-sd.webm
application-48a283b….js:6 asking cdn for mirror at https://cdn.media.ccc.de/congress/2016/webm-hd/33c3-7912-deu-eng-fra-SpiegelMining_-_Reverse_Engineering_von_Spiegel-Online_webm-hd.webm
33c3-7912-spiegelmining_reverse_engineering_von_spiegel-online:1 Mixed Content: The page at 'https://media.ccc.de/v/33c3-7912-spiegelmining_reverse_engineering_von_spiegel-online' was loaded over HTTPS, but requested an insecure video 'http://mirror.fvz.io/media.ccc.de/congress/2016/h264-hd/33c3-7912-deu-SpiegelMining_-_Reverse_Engineering_von_Spiegel-Online.mp4'. This content should also be served over HTTPS.
application-48a283b….js:6 using mirror http://mirror.eu.oneandone.net/projects/media.ccc.de//congress/2016/h264-hd/33c3-7912-deu-SpiegelMining_-_Reverse_Engineering_von_Spiegel-Online.mp4
application-48a283b….js:6 using mirror http://mirror.eu.oneandone.net/projects/media.ccc.de//congress/2016/h264-hd/33c3-7912-eng-SpiegelMining_-_Reverse_Engineering_von_Spiegel-Online.mp4
application-48a283b….js:6 using mirror http://mirror.eu.oneandone.net/projects/media.ccc.de//congress/2016/h264-hd/33c3-7912-fra-SpiegelMining_-_Reverse_Engineering_von_Spiegel-Online.mp4
application-48a283b….js:6 using mirror http://mirror.eu.oneandone.net/projects/media.ccc.de//congress/2016/h264-hd…-deu-eng-fra-SpiegelMining_-_Reverse_Engineering_von_Spiegel-Online_hd.mp4
application-48a283b….js:6 using mirror http://mirror.fvz.io/media.ccc.de//congress/2016/h264-sd/33c3-7912-deu-eng-fra-SpiegelMining_-_Reverse_Engineering_von_Spiegel-Online_sd.mp4
application-48a283b….js:6 using mirror http://mirror.eu.oneandone.net/projects/media.ccc.de//congress/2016/webm-sd…ng-fra-SpiegelMining_-_Reverse_Engineering_von_Spiegel-Online_webm-sd.webm
33c3-7912-spiegelmining_reverse_engineering_von_spiegel-online:1 Mixed Content: The page at 'https://media.ccc.de/v/33c3-7912-spiegelmining_reverse_engineering_von_spiegel-online' was loaded over HTTPS, but requested an insecure video 'http://mirror.eu.oneandone.net/projects/media.ccc.de//congress/2016/h264-hd/33c3-7912-eng-SpiegelMining_-_Reverse_Engineering_von_Spiegel-Online.mp4'. This content should also be served over HTTPS.
application-48a283b….js:6 using mirror http://mirror.eu.oneandone.net/projects/media.ccc.de//congress/2016/webm-hd…ng-fra-SpiegelMining_-_Reverse_Engineering_von_Spiegel-Online_webm-hd.webm
33c3-7912-spiegelmining_reverse_engineering_von_spiegel-online:1 Mixed Content: The page at 'https://media.ccc.de/v/33c3-7912-spiegelmining_reverse_engineering_von_spiegel-online' was loaded over HTTPS, but requested an insecure video 'http://mirror.eu.oneandone.net/projects/media.ccc.de//congress/2016/webm-sd…ng-fra-SpiegelMining_-_Reverse_Engineering_von_Spiegel-Online_webm-sd.webm'. This content should also be served over HTTPS.
33c3-7912-spiegelmining_reverse_engineering_von_spiegel-online:1 Access to Image at 'https://static.media.ccc.de/media/congress/2016/7912-hd_preview.jpg' from origin 'https://media.ccc.de' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://media.ccc.de' is therefore not allowed access.

This test was done in chromium on linux. When Firefox is used i see the player controls and a spinner but the video does not start.

[1] https://media.ccc.de/v/33c3-7912-spiegelmining_reverse_engineering_von_spiegel-online

bjoern-r commented 7 years ago

Safari and Chrome on a mac have the same issue.

dedeibel commented 7 years ago

Was fixed by MaZderMind with 693657a.