Fix for warning: page contains secure and nonsecure items
I run a secure phpBB forum that ONLY operates on port 443, SSL is required or the connection is denied. My users started requesting the ability to post youtube and google videos within the post.
I installed the
[2.0.19] Youtube Video BBCode and the
[2.0.21] Google Video and everthing worked perfectly, until I tested the feature in my browser and got the following warning message:
Quote:
This page contains both secure and nonsecure items.
Do you want to display the nonsecure items?
AHH! How annoying. So I went about looking for a workaround for this and finally came up with my own solution, that is very easy.
Open includes\bbcode.php
FindCode:
// [email]user@domain.tld[/email] code..
$patterns[] = "#\[email\]([a-z0-9&\-_.]+?@[\w\-]+\.([\w\-\.]+\.)?[\w]+)\[/email\]#si";
$replacements[] = $bbcode_tpl['email'];
After AddCode:
// [youtube]YouTube URL[/youtube] code..
$patterns[] = "#\[youtube\]http://(?:www\.)?youtube.com/watch\?v=([0-9A-Za-z-_]{11})[^[]*\[/youtube\]#is";
$replacements[] = $bbcode_tpl['youtube'];
// [GVideo]GVideo URL[/GVideo] code..
$patterns[] = "#\[GVideo\]http://video.google.com/googleplayer\.swf\?docid=([0-9A-Za-z-_]*)[^[]*\[/GVideo\]#is";
$replacements[] = $bbcode_tpl['GVideo'];
// [GVideo]GVideo URL[/GVideo] code..
$patterns[] = "#\[GVideo\]http://video.google.com/videoplay\?docid=([0-9A-Za-z-_]*)[^[]*\[/GVideo\]#is";
$replacements[] = $bbcode_tpl['GVideo'];
FindCode:
$text = preg_replace($patterns, $replacements, $text);
After AddCode:
$text = str_replace("http://www.youtube.com/", "https://example.com/lounge/youtube/", $text);
$text = str_replace("http://video.google.com/videoplay", "https://example.com/lounge/googleplayer.swf", $text);
$text = str_replace("http://video.google.com/", "https://example.com/lounge/", $text);
Now heres the cool part, in your sites root web-accessible folder
http://www.example.com/ add an .htaccess file with the following:
Code:
RewriteEngine On
RewriteBase /
RewriteRule ^lounge/googleplayer\.swf(.*)$ http://video.google.com/googleplayer.swf$1 [L]
RewriteRule ^lounge/youtube/(.*)$ http://www.youtube.com/$1 [L]
and it worked!
But one caveat, this wouldn’t turn the warning messages off in IE < version 7, so I added some simple HTML to the head of all my pages that only shows up for people using IE < version 7.
Code:
<!--[if lt IE 7]>
<span id="ie7">Please Upgrade:
<a href="http://www.microsoft.com/windows/ie/downloads/default.mspx?mg_id=10013">IE 7!</a>
<a href="http://www.mozilla.com/en-US/">FF!</a></span>
<![endif]–>
Cool huh! Can anyone help me clean up the code that I am including in bbcode.php? As you can see I don't really understand how to do the replacing in the most efficient way..
Original Solution: Fix for secure and nonsecure items warning message and
AskApache.com blog
Its really not specific per-say, to any MODs. I just happed to demonstrate the use with 2 mods. It could just as easily work to allow non-ssl images to be displayed without a warning, by rewriting https to http.
The crux of this thread is the ability to remove the "This page contains both secure and nonsecure items" warning message when including non-ssl content over an ssl connection.
This technique centers around the use of mod_rewrite and modifying the bbcode.php file to rewrite non-ssl address to local ssl addresses, then the rewrite rules in htaccess internally rewrite the bbcode rewritten ssl urls to the correct urls, but it happens internally so that the warning message is never displayed. This also has some security benefits acting as a layer of abstration between the non-ssl content and the visitor requesting the content.
I really would like help improving the way I am replacing stuff in bbcode.php but for the life of me I can't seem to find the correct forum to post this?? :) help :)
Register
Login
