[Owasp-board] Mixed Content on OWASP.org

Jim Manico jim.manico at owasp.org
Thu Aug 22 10:58:16 UTC 2013


+1 Michael. Do you have homepage edit privs? Can you just go for it?

--
Jim Manico
@Manicode
(808) 652-3805

On Aug 22, 2013, at 12:31 PM, Michael Coates <michael.coates at owasp.org>
wrote:

I saw this earlier this week and it was also pointed out on twitter (
https://twitter.com/parker0phil/status/370466318887026688). We have mixed
content on owasp.org due to embedding the youtube video view http. Mixed
content is going to be blocked soon in firefox.

It looks like the root of the problem is the mediawiki extension for
embedding video which doesn't appear to support SSL links.


Here is the offending page.
https://www.owasp.org/index.php?title=Template:Community-Sandbox

I believe the solution is to enable and use the iframe widget.

<br>
'''Hundreds of Hours of [
https://www.owasp.org/index.php/Category:OWASP_Video AppSec Videos]'''
{{#ev:youtube|CDbWvEwBBxo}}


Replace above (current page) with below:

{{#widget:Iframe
|url=https://www.youtube.com/watch?v=CDbWvEwBBxo&feature=player_embedded
|width=410
|height=342
|border=1
}}



--
Michael Coates | OWASP | @_mwc

 _______________________________________________
Owasp-board mailing list
Owasp-board at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20130822/f97b4279/attachment.html>


More information about the Owasp-board mailing list