Timeline blocked by Firefox when used on SSL-based sites.

Question

Timeline blocked by Firefox when used on SSL-based sites.

Opened this issue 9 years ago · 1 comments

GoogleCodeExporter commented 9 years ago

When including Simile Timeline in a site running on SSL, the timeline API is 
blocked by the browser. 

First step taken to mitigate this was to load the timeline-api.js at its SSL 
URL: <script type="text/javascript" 
src="https://api.simile-widgets.org/timeline/2.3.1/timeline-api.js?bundle=true">
</script>

Unfortunately, it breaks when timeline-api.js attempts to load additional JS 
files over http://

This cascades, and prevents the Timeline API from loading at all. 

Output from Firebug on Firefox 27:

Blocked loading mixed active content 
"http://api.simile-widgets.org/ajax/2.2.1/simile-ajax-api.js" timeli...le=true 
(line 270)
document.write("<script src='" + url + "' type='text/javascript'></script>");

Blocked loading mixed active content 
"http://api.simile-widgets.org/ajax/2.2.1/simile-ajax-api.js" timeli...le=true 
(line 270)
document.write("<script src='" + url + "' type='text/javascript'></script>");

ReferenceError: Timeline is not defined result...te=1970 (line 578) 
var eventSource1 = new Timeline.DefaultEventSource();

Original issue reported on code.google.com by static...@gmail.com on 13 Feb 2014 at 11:12

Answer 1 · 2016-01-31T21:33:13.000Z

I had this issue as well when loading the bundle over https.
They need to fix this, and the fix is rather simple...
In the file: timeline-api.js, at line 257 which reads:

"http://api.simile-widgets.org/ajax/2.2.1/simile-ajax-api.js"

should be changed to:

"//api.simile-widgets.org/ajax/2.2.1/simile-ajax-api.js"

(remove the "http:" prefix and let the URL be constructed based on whatever 
current protocol is being used to load that page)

Original comment by bor...@gmail.com on 31 Mar 2014 at 3:53