Browers blocking mixed content, esp. when you are on a SSL enabled site is becoming more of an issue esp. since not all browsers make this blocking obvious. Firefox only has a small icon in the universal bar.
We already fixed bug #1207140 but that doesn't apply to other places where mixed content is used, e.g. in external image galleries. Flickr for example typically shows you http, but you can use the same URL under https. Thus, if you know that, you can use that instead on your SSL site.
Is there a way of implementing something like the protocol relevant URL in Mahara or make it more obvious that content can't be displayed due to it being mixed? With more and more people having SSL, this will become more of a question.
For an example, see https://mahara.org/interaction/forum/topic.php?id=5712
Well, we could be more aggressive about searching user-uploaded content, finding scheme-specific URLs, and converting them to scheme-relative URLs.
The only problem with that solution is that if the server in question only supports one scheme, then turning it into a scheme-relative URL would cause it to break.
Some likely places we'd need to do this:
- external content block
- displaying the output of an external feed block (i.e. translate the URLs in the RSS)
- any text field where we let the user enter <img> tags. ALTHOUGH TinyMCE seems to automatically handle some of this on the JS side, converting all the links in the text so that they match the protocol of the currently-loaded page.