Loads JS over HTTP, which is now blocked by default in Firefox
nogweii opened this issue · comments
I was trying to read the documentation for Ruby Facets, but was prevented by Firefox's security measures. Here are the entries from the console:
Blocked loading mixed active content "http://code.jquery.com/jquery-1.6.2.min.js"[Learn More] rubyfaux
Blocked loading mixed active content "http://yandex.st/highlightjs/6.0/highlight.min.js"[Learn More] rubyfaux
Blocked loading mixed active content "http://yandex.st/highlightjs/6.0/styles/default.min.css"[Learn More] rubyfaux
ReferenceError: jQuery is not defined jquery.history.js:194
ReferenceError: jQuery is not defined quicksearch.js:28
ReferenceError: $ is not defined rubyfaux:51
The Web Console logging API (console.log, console.info, console.warn, console.error) has been disabled by a script on this page.
And to note, the URL https://rubyworks.github.io/rubyfaux/?doc=http://rubyworks.github.io/facets/docs/facets-2.9.3/core.json would probably have to change. Both to reflect HTTPS, and that facets 3.0.0 was just released.
Separately, using the alternative URL (http://shomen-rubyfaux.herokuapp.com/?doc=http://rubyworks.github.io/facets/docs/facets-2.9.3/core.json) results in this error:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://rubyworks.github.io/facets/docs/facets-2.9.3/core.json. This can be fixed by moving the resource to the same domain or enabling CORS. core.json
But I don't know if you can even set CORS headers with Github Pages.
On Sun, Jan 18, 2015 at 1:00 AM, No GUI notifications@github.com wrote:
Separately, using the alternative URL (
http://shomen-rubyfaux.herokuapp.com/?doc=http://rubyworks.github.io/facets/docs/facets-2.9.3/core.json)
results in this error:Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://rubyworks.github.io/facets/docs/facets-2.9.3/core.json. This can be fixed by moving the resource to the same domain or enabling CORS. core.json
But I don't know if you can even set CORS headers with Github Pages.
Thanks. That's my "ingenious" Shomen documentation system in which one
could produce a standard json file with all the documentation "facts" and
then use another application, in particular a dynamic web-page, to generate
a UI for it. Unfortunately after all my work these are the kinds of errors
I am rewarded with :-( Even as I worked around the original errors, your
report makes it clear to me that the situation has now gotten even worse.
Personally I don't quite understand why it is considered a security issue
for one website to read from another and process it as data. But it seems
those involved in making web browsers and web application services think it
must be and put up barriers to prevent it from happening. As much as I
would like to make Shomen work, I don't see anyway to fix it. And it makes
me very sad to think about, b/c to me is such an elegant approach.
In any case, with regards to documentation for Facets there is always the
YARD site, although the docs won't be quite as good as they could be b/c
haven't used YARD tags.
Interestingly enough, the first link still works in Chrome, but not if one replaces "http" with "https".
Also, at second glance the errors you received on Firefox may not actually be due to cross-origins, per se. It looks like it is blowing up simply trying to load some javascripts directly from the vendor's sites. I am surprised by that since it is becoming a fairly wide practice nowadays.
Also, I was not aware of CORS before. Thank you for bringing that to my attention. Obviously others have had the same frustrations! :-) I'll look into it. With any luck there will be a fix.
Okay, the first issue might be fixed.