[Bug 10944] New: Mixed content warnings in opac results and detail with Amazon images on https
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 Bug ID: 10944 Summary: Mixed content warnings in opac results and detail with Amazon images on https Change sponsored?: --- Product: Koha Version: 3.14 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: OPAC Assignee: oleonard@myacpl.org Reporter: liz@catalyst.net.nz QA Contact: testopia@bugs.koha-community.org It's probably going to become more popular to run Koha in SSL environments - currently on ssl, with Amazon images enabled, a SSL enabled site will either not show Amazon images (IE, some versions of Firefox?), or show a warning to users about mixed secure and insecure content (Firefox, Chrome). Since we now have the using_https template variable, it makes sense to use it. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 Liz Rea <liz@catalyst.net.nz> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|enhancement |minor -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 --- Comment #1 from Liz Rea <liz@catalyst.net.nz> --- Created attachment 21431 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21431&action=edit Bug 10944 - Mixed content warnings in opac results and detail with Amazon images on https It's probably going to become more popular to run Koha in SSL environments. Currently on ssl, with Amazon images enabled, a SSL enabled site will either not show Amazon images (IE, some versions of Firefox?), or show a warning to users about mixed secure and insecure content (Firefox, Chrome). Since we now have the using_https template variable, it makes sense to use it. To test: In each browser you have access to, and preferably with SSL set up (you can set up a self signed cert for your dev install by following, more or less, the instructions here: https://wiki.debian.org/Self-Signed_Certificate) For the apache config, just copy the one for the OPAC, but set it to use 443 instead of 80 for the port, and point it to your keys per the instructions above. ** note that using a self signed cert on your dev install will prompt you when you connect the first time that OMG I CAN'T VERIFY THIS IS COOL. You did it yourself, if you can't trust yourself... then who can you trust? * Enable Amazon images in the system preferences * Do a search that you know will have images for, verify that without SSL 1. the images show 2. the image source is from an Amazon url that uses http:// 3. the images are the right size, and look ok * Do the same using https, verify that with SSL 1. the images show 2. the image source is from an Amazon url that uses https:// 3. the images are the right size, and look ok Clicking on the image should link to the item on Amazon. This patch also corrects a problem with the Amazon url used on the images - it was pointing to a feature that is currently unavailable. That's fixed here. All you need to check is that it goes to a valid Amazon endpoint that doesn't show an error. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 Liz Rea <liz@catalyst.net.nz> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 I'm just a bot <gitbot@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |gitbot@bugs.koha-community. | |org When did the bot| |2013-09-29 last check this| | --- Comment #2 from I'm just a bot <gitbot@bugs.koha-community.org> --- Patch applied cleanly, go forth and signoff -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 Robin Sheat <robin@catalyst.net.nz> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |robin@catalyst.net.nz -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 Liz Rea <liz@catalyst.net.nz> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Mixed content warnings in |Mixed content warnings in |opac results and detail |results and detail with |with Amazon images on https |Amazon images on https -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 Robin Sheat <robin@catalyst.net.nz> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|oleonard@myacpl.org |robin@catalyst.net.nz -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 --- Comment #3 from Robin Sheat <robin@catalyst.net.nz> --- Created attachment 21839 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21839&action=edit Bug 10944 - Mixed content warnings for covers on staff client This switches the URLs used to access Amazon's cover images to the SSL image server, preventing warnings when using this on a secure site. To test: * Enable Amazon images in the sysprefs, all other cover images off. * Do a search in the staff client. Using firebug or similar, inspect the images that indicate both "no image found" and the covers. * Are they all https, and showing correctly? -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 Liz Rea <liz@catalyst.net.nz> changed: What |Removed |Added ---------------------------------------------------------------------------- Patch complexity|--- |Trivial patch -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 Liz Rea <liz@catalyst.net.nz> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #21839|0 |1 is obsolete| | --- Comment #4 from Liz Rea <liz@catalyst.net.nz> --- Created attachment 21886 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21886&action=edit Bug 10944 - Mixed content warnings for covers on staff client This switches the URLs used to access Amazon's cover images to the SSL image server, preventing warnings when using this on a secure site. To test: * Enable Amazon images in the sysprefs, all other cover images off. * Do a search in the staff client. Using firebug or similar, inspect the images that indicate both "no image found" and the covers. * Are they all https, and showing correctly? -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 Ed Veal <ed.veal@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off CC| |ed.veal@bywatersolutions.co | |m -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 --- Comment #5 from Robin Sheat <robin@catalyst.net.nz> --- Ed, you've marked this as signed off but haven't attached a signed off version of the patch, was that intentional? -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |katrin.fischer@bsz-bw.de --- Comment #6 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- I think it looks like bug number confusion. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 Liz Rea <liz@catalyst.net.nz> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #21431|0 |1 is obsolete| | --- Comment #7 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 22407 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=22407&action=edit Bug 10944 - Mixed content warnings in opac results and detail with Amazon images on https It's probably going to become more popular to run Koha in SSL environments. Currently on ssl, with Amazon images enabled, a SSL enabled site will either not show Amazon images (IE, some versions of Firefox?), or show a warning to users about mixed secure and insecure content (Firefox, Chrome). Since we now have the using_https template variable, it makes sense to use it. To test: In each browser you have access to, and preferably with SSL set up (you can set up a self signed cert for your dev install by following, more or less, the instructions here: https://wiki.debian.org/Self-Signed_Certificate) For the apache config, just copy the one for the OPAC, but set it to use 443 instead of 80 for the port, and point it to your keys per the instructions above. ** note that using a self signed cert on your dev install will prompt you when you connect the first time that OMG I CAN'T VERIFY THIS IS COOL. You did it yourself, if you can't trust yourself... then who can you trust? * Enable Amazon images in the system preferences * Do a search that you know will have images for, verify that without SSL 1. the images show 2. the image source is from an Amazon url that uses http:// 3. the images are the right size, and look ok * Do the same using https, verify that with SSL 1. the images show 2. the image source is from an Amazon url that uses https:// 3. the images are the right size, and look ok Clicking on the image should link to the item on Amazon. This patch also corrects a problem with the Amazon url used on the images - it was pointing to a feature that is currently unavailable. That's fixed here. All you need to check is that it goes to a valid Amazon endpoint that doesn't show an error. Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #21886|0 |1 is obsolete| | --- Comment #8 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 22409 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=22409&action=edit Bug 10944 - Mixed content warnings for covers on staff client This switches the URLs used to access Amazon's cover images to the SSL image server, preventing warnings when using this on a secure site. To test: * Enable Amazon images in the sysprefs, all other cover images off. * Do a search in the staff client. Using firebug or similar, inspect the images that indicate both "no image found" and the covers. * Are they all https, and showing correctly? Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off CC| |kyle@bywatersolutions.com -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 --- Comment #9 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- I have followed the instructions and set up https, but I am confused by the results: OPAC Still running on localhost:8080, but the Amazon cover URL appears as https:// on the results page and on the details page. Intranet Now working with localhost and 442, but the Amazon cover URL is still http:// on the results and the details page. Liz, can you please check? -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |martin.renvoize@ptfs-europe | |.com --- Comment #10 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- I think I've got to the bottom of why I couldn't get this to work.. It's not implemented in the bootstrap theme. Could someone do a follow-up with bootstrap support please? -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 --- Comment #11 from Liz Rea <liz@catalyst.net.nz> --- Created attachment 23280 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=23280&action=edit Bug 10944 - Followup for Bootstrap Amazon images on https OPAC see test plan for previous patch, only bootstrap theme instead of prog. :) -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 --- Comment #12 from Liz Rea <liz@catalyst.net.nz> --- Hi Cait, I wasn't able to replicate your issue - the image url changed correctly for me based on whether or not the site was running in SSL in the OPAC. You would need both patches to cover both OPAC and intranet. The intranet patch doesn't even have a non-ssl mode for fetching the images - you will always get the ssl version of the image no matter the mode. The thinking is - we should not ever be running (yes, of course we *do* but we *shouldn't*!) the intranet in non-SSL. It doesn't hurt anything to fetch the https image over the http version, so Robin simply made that choice to do it without the ability to switch. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 --- Comment #13 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Hi Liz, That's all looking pretty good to me now, though there is one minor discrepancy that's crept in on the bootstrap theme. in http the class=item-thumbnail whereas in https class=thunmbnail which make the image display slightly differently depending upon http or https. Though it's no biggy (I actually prefer the styling on the https version myself with a minor border). I'm currently testing to see if it affects the results turned up for .com vs other local amazon's, and testing that the other amazon preferences aren't affected. I think cait's issues were to do with her ssl setup so she's asked me to do qa. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Passed QA -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #22407|0 |1 is obsolete| | --- Comment #14 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Created attachment 23282 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=23282&action=edit [PASSED QA] Bug 10944 - Mixed content warnings in opac results and detail with Amazon images on https It's probably going to become more popular to run Koha in SSL environments. Currently on ssl, with Amazon images enabled, a SSL enabled site will either not show Amazon images (IE, some versions of Firefox?), or show a warning to users about mixed secure and insecure content (Firefox, Chrome). Since we now have the using_https template variable, it makes sense to use it. To test: In each browser you have access to, and preferably with SSL set up (you can set up a self signed cert for your dev install by following, more or less, the instructions here: https://wiki.debian.org/Self-Signed_Certificate) For the apache config, just copy the one for the OPAC, but set it to use 443 instead of 80 for the port, and point it to your keys per the instructions above. ** note that using a self signed cert on your dev install will prompt you when you connect the first time that OMG I CAN'T VERIFY THIS IS COOL. You did it yourself, if you can't trust yourself... then who can you trust? * Enable Amazon images in the system preferences * Do a search that you know will have images for, verify that without SSL 1. the images show 2. the image source is from an Amazon url that uses http:// 3. the images are the right size, and look ok * Do the same using https, verify that with SSL 1. the images show 2. the image source is from an Amazon url that uses https:// 3. the images are the right size, and look ok Clicking on the image should link to the item on Amazon. This patch also corrects a problem with the Amazon url used on the images - it was pointing to a feature that is currently unavailable. That's fixed here. All you need to check is that it goes to a valid Amazon endpoint that doesn't show an error. Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #22409|0 |1 is obsolete| | --- Comment #15 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Created attachment 23283 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=23283&action=edit [PASSED QA] Bug 10944 - Mixed content warnings for covers on staff client This switches the URLs used to access Amazon's cover images to the SSL image server, preventing warnings when using this on a secure site. To test: * Enable Amazon images in the sysprefs, all other cover images off. * Do a search in the staff client. Using firebug or similar, inspect the images that indicate both "no image found" and the covers. * Are they all https, and showing correctly? Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #23280|0 |1 is obsolete| | --- Comment #16 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Created attachment 23284 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=23284&action=edit [PASSED QA] Bug 10944 - Followup for Bootstrap Amazon images on https OPAC see test plan for previous patch, only bootstrap theme instead of prog. :) Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 --- Comment #17 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- I'm happy that this all works as advertised and doesn't introduce any regressions anywhere. It passes the QA script and even tidies up the templates a little. I corrected the minor discrepancy in class upon thumbnails in opac-results for bootstrap as it was a very minor change to make. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #23284|0 |1 is obsolete| | --- Comment #18 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Created attachment 23285 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=23285&action=edit [PASSED QA] Bug 10944 - Followup for Bootstrap Amazon images on https OPAC see test plan for previous patch, only bootstrap theme instead of prog. :) Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 marjorie barry-vila <marjorie.barry-vila@ccsr.qc.ca> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |marjorie.barry-vila@ccsr.qc | |.ca -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 --- Comment #19 from Liz Rea <liz@catalyst.net.nz> --- Created attachment 24633 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=24633&action=edit Bug 10944 - opac-user and opac-readingrecord had instances of non-https amazon images To test: * Enable Amazon images in the system preferences * Issue a book you know will have images for, verify that without SSL 1. the images show on the borrower's logged in home page (opac-user) and on the opac-readingrecord 2. the image source is from an Amazon url that uses http:// 3. the images are the right size, and look ok * Do the same using https, verify that with SSL 1. the images show on the borrower's logged in home page (opac-user) and on the opac-readingrecord 2. the image source is from an Amazon url that uses https:// 3. the images are the right size, and look ok -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 Liz Rea <wizzyrea@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |wizzyrea@gmail.com --- Comment #20 from Liz Rea <wizzyrea@gmail.com> --- Should add that while I was in there I added the reference to the amazonTLD systempref. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 Liz Rea <liz@catalyst.net.nz> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #24633|0 |1 is obsolete| | --- Comment #21 from Liz Rea <liz@catalyst.net.nz> --- Comment on attachment 24633 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=24633 Bug 10944 - opac-user and opac-readingrecord had instances of non-https amazon images I think the amazonTLD preference isn't working properly, so I'll submit a new patch without that additional change. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 Jonathan Druart <jonathan.druart@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |http://bugs.koha-community. | |org/bugzilla3/show_bug.cgi? | |id=11684 -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 Galen Charlton <gmcharlt@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |rel_3_16_candidate -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 Galen Charlton <gmcharlt@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Passed QA |Pushed to Master CC| |gmcharlt@gmail.com --- Comment #22 from Galen Charlton <gmcharlt@gmail.com> --- Pushed to master. Thanks, Liz and Robin! -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |13527 -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |http://bugs.koha-community. | |org/bugzilla3/show_bug.cgi? | |id=13527 -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|13527 | -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |http://bugs.koha-community. | |org/bugzilla3/show_bug.cgi? | |id=11358 -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10944 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |11358 -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org