I have a problem with embedding SWFs via SSL.
I know that the common misconception with embedding SWFs on secure pages is that people always try to embed it using a non-secure link. This isn't the case, as I am trying to host the SWF and swfobject.js locally using relative paths to account for the use of SSL.
It appears that the first of these players (under ssl) will play the audio playback, but won't display the video, while the second one will render the entire SWF fine.
Here are 2 examples that are EXTREMELY similiar. Unfortunately I can only post 2 hyperlinks, so you'll have to swap the http: protocol with https: to see how each player renders under SSL.
These 2 players are using 2 different SWF's, so I'm lead to believe it's a Flash/ActionScript issue, but I have failed to isolate it.
Example 1
Non-secure working embed
Example 2
Non-secure working embed
First, Mixed http & https are different domains that run afoul of the Adobe Flash Player's same-domain security restriction. Using a cross-domain file on the root of your server will allow access.
Second, IE has some known problems with SWF and SSL.
Third, be sure to enable https and check to ensure you have a valid root certificate.
Without more information, this is the best I can do.
The best way is to test your work using the Debug Version of Flash Player. This works best in Firefox. Chances are there is something (dependency or resource) that the player is trying to get without SSL.
Related
I can easily watch and embedd any stream running on Ant Media Server with help of embedd URL but also it seems as other with the stream information can use the URL on their websites too.
I tried using CORS filter but it seems a little complicated and didn't work.
How can I easily prevent my streams from being embedded to unauthorized webistes/domains?
For workaround solutions in Ant Media server (v2.4.3 or older versions) please check here.
In v2.5.0 and above, you can allow selected domains through a single property file to let them embed the iframe code.
To allow only specific domains to embed the iframe code, edit the /usr/local/antmedia/webapps/app-name/WEB-INF/red5-web.properties file and add the below setting.
settings.contentSecurityPolicyHeaderValue=frame-ancestors 'self' https://allow-domain-name;
If you would like to allow multiple domains, then it should be like this.
settings.contentSecurityPolicyHeaderValue=frame-ancestors 'self' https://domain1 https://domain2;
​After making the changes, restart the server with sudo service antmedia restart.
'Self' is required to play the stream on the AMS dashboard panel itself. In this way, other than allowed domains, streams cannot be embedded using iframe code on other websites.
I am trying to monitor the requests for images to verify whether the images are loaded from the ios/android cache or they are still being requested from the backend firebase storage. I am using React Native Debugger by enabling Network Inspect but can't seem to observe the requests for images (URIs) of react-native "image" components. How can I monitor the requests for images or how can I check whether the images are loaded from the cache or not?
Thanks!
According to the React Native Debugger documentation here: https://github.com/jhen0409/react-native-debugger/blob/master/docs/network-inspect-of-chrome-devtools.md
It can't inspect request like Images loaded from urls for src, so if
your Image source has a set session, the session can't apply to fetch
and XMLHttpRequest.
The same document refers to Charles & stetho for monitoring these kinds of requests.
If you want to inspect deeper network requests (like requests made
with Image), use tools like Charles or Stetho.
I installed Charles on my mac, installed the certificate on my iOS device, and enabled it using the information contained on the below links. Now I am able to monitor the requests for images.
1- https://www.charlesproxy.com/documentation/getting-started/
2- https://www.donnywals.com/debugging-network-traffic-with-charles/
3- https://www.charlesproxy.com/documentation/using-charles/ssl-certificates/
4- https://stackoverflow.com/a/49129286/1680793
(You may need to visit other linked pages on the links I listed above as needed)
Install Charles on you Mac, launch this help action as described in the documentation I listed:
Charles will guide you about how to install and trust the required certificate on your device:
Some important points:
When you install Charles on your Mac/PC, if it asks for making the
required configurations automatically, allow it.
To install the certificate on your ios device browse to
chls.pro/ssl URL using the SAFARI browser, not Chrome. Then
follow the instructions your device displays to install the
certificate. (I was especially interested in monitoring my iOS device
since android seems to cache the images by default)
If you are using firebase storage as your image store (as I do) and can't see the requests/responses being recorded by Charles, lookout for a message like this: SSL Proxying not enabled for this host. Enable in the Proxy Menu, SSL Proxying Settings
You need to enable SSL proxying for https://firebasestorage.googleapis.com. Add firebasestorage to SSL proxying configuration like so (or whatever URL you are interested in monitoring the communication with):
Charles will be recording everything going on with your mac, to
observe just the "firestore" requests from your app for your images,
use the "filter" box at the bottom of the structure tree on the left
pane (see the first image above).
Don't forget to disable your WIFI proxy after you are done with
Charles or you will not be able to connect to the internet.
Make sure you follow the documentation carefully and pay attention to my list here.
Charles is a paid tool. You can use the trial version for 30 days.
And each launch will terminate itself after 30 mins, so you will need
to restart Charles.
I am doing a small research project to test DASH streaming on very low bandwidth mobile connections in India.
I have an AWS machine where I can upload video and package it for MPEG-DASH and HLS streaming and create the MPD and m3u8 files.
But I am unable to serve the video.
I have tried with Apache and node.js. I was told that by just placing the folder that contains the mpd nad m3u8 files with the video chunks I should be able to stream the video.
I am not sure what I am doing wrong. Is there any special configuration I need to do to server MPEG-DASH video ? If there a tutorial/blog/github project someone could point me towards, that would be brilliant.
TIA.
Setting up a DASH Media streaming, is fairly involved. You can get all paid services from Bitmovin, Wowza and many others but don't give up yet. There are a lot of open-source stuff out there as well that works. I have been working on DASH for a while now.
Here's my setup,
OS: Ubuntu 16.04
Server: Apache2 (easy to setup): Few edits I had to do: CORS and an alias setting.
Client: Dash.js: Literally just get the dash.js-master branch from github. Don't get stuck with the dash.js-development branch, if you don't wanna end up editing stuff.
Content Generation: ffmpeg and MP4Box
All you have to do for initial setup is make 2 directories in your apache's root directory, (i.e. inside the folder that contains index.html). Your first directory will be the compiled dash.js client and the second will be your content directory.
Point a link on your server to the dash.js reference client, then all you have to do is play your mpd on the client. (Make sure it confirms to the mpd validation norms though)
Now, this might just work only on a computer and not a cell phone, but hey I think you disable all the connections (wireless and wired) on your computer and use one of those wireless dongles provided by Airtel/Reliance/any network provider!
Shall be here to answer more insightful questions, hath need be!
You do not need any server side application. If you are using AWS a simple S3 bucket behind Cloudfront will do the trick nicely, without any EC2 needed at all. Just ensure you have CORS and crossdomain.xml in place.
Stefen Lederer posted a blog about just this set up.
Also, use your browsers developer mode to catch failed requests and console errors which might give pointers as to why it is not working for you.
I'm wondering how I can find out where the culprit is, as to what is NOT being transmitted over SSL on my website. It's blowing my mind, because I use relative URLs or explicitly choose HTTPS:// for all links, images, etc...
Any ideas/tools to find out what the issue is?
Thanks.
If you mean that some resources are transferred over HTTP without encryption, you can check for this in Chrome's Developer tools in the tab Resources - that should tell you which parts come from where - look for those with address starting with http:// .
Alternately, use Fiddler: by default, it won't decrypt HTTPS connections, so you'll be seeing CONNECT requests for HTTPS, and GET/POST for HTTP - those are your culprits.
For those, like myself, who run into this issue i suggest a few tips while designing your website.
Always use relative paths when ever possible "images/someimage.png" instead of using domain paths like http://someDomainName/images/someimage.png so on. Any one of these and it will cause the browser to throw that warning at you.
When linking to external content, Google/other Ads, javascript sources(such as jquery, so on), or any other media... make sure you use a https:// link if they have one available. Myself, i had one tiny image for a link to an external site but they did not offer a https link to the image, so i simply downloaded it and put it in my images folder. Problem solved.
The Chrome resources list is a very helpful tool, not sure if Firefox has something similar in its tool box. Another method, if you have shell/command line access, is to use grep to search the files for "http:". This, most often, will show anything that is linking to non secure content.
I have a site and i implemented ssl there. but when i browse it, the security seals dont come. i asked to godaddy, they replaid:
Thank you for contacting online support. I cannot replicate the issue you have described. The error you described is caused by the way your site has been designed. If you receive this error, you have a combination of secure and non-secure objects on the page. For example, if your secure website was https://www.domain.tld and you added an object (an image, script, flash file, etc.) to that page that was located at http://www.domain.tld/image.jpg, you would break the seal.
You will need to change your design to
link to objects using https (ie
https://www.domain.tld/image.jpg) or
modify your site design to use
relative paths (/image.jpg).
This error can only be corrected by
modifying your site design. Please
contact your web designer or the
manufacturer of your web design
software if you require additional
assistance modifying your site design.
but the problem is i made everything,all my images javascripts are unders https, but the seal still not coming, saying: some content insecure. what is the problem.
Your problem is in line 8 of jqueryslidemenu.js:
var arrowimages={down:['downarrowclass', 'http://lendersutopia.com/images/down.gif', 23], right:['rightarrowclass', 'images/right.gif']}
You should change it to
var arrowimages={down:['downarrowclass', 'images/down.gif', 23], right:['rightarrowclass', 'images/right.gif']}