[vlc-devel] [PATCH] lua/http: use HTTPS to link to third-party web assets from frontend
Pierre Ynard
linkfanel at yahoo.fr
Sat Aug 1 21:02:08 CEST 2020
This is recommended good practice, as it improves security. This is also
necessary to serve VLC's web interface frontend over HTTPS.
Fixes #21216
Based on a patch from Noam Lerner <noam.lerner at gmail.com>, thanks!
diff --git a/share/lua/http/dialogs/stream_config_window.html b/share/lua/http/dialogs/stream_config_window.html
index d219c6d..12737aa 100644
--- a/share/lua/http/dialogs/stream_config_window.html
+++ b/share/lua/http/dialogs/stream_config_window.html
@@ -8,7 +8,7 @@
"<?vlc gettext("Okay") ?>":function(){
$('#player').empty();
$('#player').attr('href',$('#stream_protocol').val()+'://'+$('#stream_host').val()+':'+$('#stream_port').val()+'/'+$('#stream_file').val());
- flowplayer("player", "http://releases.flowplayer.org/swf/flowplayer-3.2.7.swf");
+ flowplayer("player", "https://releases.flowplayer.org/swf/flowplayer-3.2.7.swf");
$(this).dialog('close');
},
"<?vlc gettext("Cancel") ?>":function(){
diff --git a/share/lua/http/index.html b/share/lua/http/index.html
index 211fa08..4d7853d 100644
--- a/share/lua/http/index.html
+++ b/share/lua/http/index.html
@@ -36,8 +36,8 @@
</script>
<link type="text/css" href="css/ui-lightness/jquery-ui-1.8.13.custom.css" rel="stylesheet" />
<link type="text/css" href="css/main.css" rel="stylesheet" />
- <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
- <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
+ <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
+ <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
<script type="text/javascript" src="js/jquery.jstree.js"></script>
<script type="text/javascript" src="js/ui.js"></script>
<script type="text/javascript" src="js/controllers.js"></script>
@@ -189,9 +189,9 @@
$('#viewContainer').animate({height: 'toggle'});
});
/* delay script loading so we won't block if we have no net access */
- $.getScript('http://releases.flowplayer.org/js/flowplayer-3.2.6.min.js', function(data, textStatus){
+ $.getScript('https://releases.flowplayer.org/js/flowplayer-3.2.6.min.js', function(data, textStatus){
$('#player').empty();
- flowplayer("player", "http://releases.flowplayer.org/swf/flowplayer-3.2.7.swf");
+ flowplayer("player", "https://releases.flowplayer.org/swf/flowplayer-3.2.7.swf");
/* .getScript only handles success() */
});
//]]>
diff --git a/share/lua/http/js/ui.js b/share/lua/http/js/ui.js
index a404ef0..b5473ae 100644
--- a/share/lua/http/js/ui.js
+++ b/share/lua/http/js/ui.js
@@ -69,7 +69,7 @@ $(function () {
break;
case 'stream':
sendVLMCmd('control Current play');
- flowplayer("player", "http://releases.flowplayer.org/swf/flowplayer-3.2.7.swf");
+ flowplayer("player", "https://releases.flowplayer.org/swf/flowplayer-3.2.7.swf");
break;
}
} else {
@@ -102,7 +102,7 @@ $(function () {
}
var urlimg = location.href + 'mobile.html';
var codeimg = $('<img width="350" height="350" alt="qrcode"/>');
- codeimg.attr('src', 'http://chart.apis.google.com/chart?cht=qr&chs=350x350&chld=L&choe=UTF-8&chl=' + encodeURIComponent(urlimg));
+ codeimg.attr('src', 'https://chart.apis.google.com/chart?cht=qr&chs=350x350&chld=L&choe=UTF-8&chl=' + encodeURIComponent(urlimg));
codeimg.dialog({width: 350, height: 350, title: 'QR-Code'});
return false;
});
diff --git a/share/lua/http/mobile.html b/share/lua/http/mobile.html
index efac88c..31b932f 100644
--- a/share/lua/http/mobile.html
+++ b/share/lua/http/mobile.html
@@ -31,10 +31,10 @@
<script type="text/javascript" src="js/common.js"></script>
<link type="text/css" href="css/ui-lightness/jquery-ui-1.8.13.custom.css" rel="stylesheet" />
<link type="text/css" href="css/mobile.css" rel="stylesheet" />
- <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
- <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
+ <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
+ <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
<script type="text/javascript" src="js/jquery.jstree.js"></script>
- <script type="text/javascript" src="http://releases.flowplayer.org/js/flowplayer-3.2.6.min.js"></script>
+ <script type="text/javascript" src="https://releases.flowplayer.org/js/flowplayer-3.2.6.min.js"></script>
<script type="text/javascript" src="js/ui.js"></script>
<script type="text/javascript" src="js/controllers.js"></script>
<script type="text/javascript">
diff --git a/share/lua/http/mobile_browse.html b/share/lua/http/mobile_browse.html
index 51f6540..82e9997 100644
--- a/share/lua/http/mobile_browse.html
+++ b/share/lua/http/mobile_browse.html
@@ -29,8 +29,8 @@
<script type="text/javascript" src="js/common.js"></script>
<link type="text/css" href="css/ui-lightness/jquery-ui-1.8.13.custom.css" rel="stylesheet" />
<link type="text/css" href="css/main.css" rel="stylesheet" />
- <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
- <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
+ <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
+ <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
<script type="text/javascript" src="js/jquery.jstree.js"></script>
<script type="text/javascript" src="js/controllers.js"></script>
<script type="text/javascript">
diff --git a/share/lua/http/mobile_equalizer.html b/share/lua/http/mobile_equalizer.html
index 7341109..4406741 100644
--- a/share/lua/http/mobile_equalizer.html
+++ b/share/lua/http/mobile_equalizer.html
@@ -29,8 +29,8 @@
<script type="text/javascript" src="js/common.js"></script>
<link type="text/css" href="css/ui-lightness/jquery-ui-1.8.13.custom.css" rel="stylesheet" />
<link type="text/css" href="css/main.css" rel="stylesheet" />
- <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
- <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
+ <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
+ <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
<script type="text/javascript" src="js/jquery.jstree.js"></script>
<script type="text/javascript" src="js/controllers.js"></script>
<script type="text/javascript">
diff --git a/share/lua/http/mobile_view.html b/share/lua/http/mobile_view.html
index f7660e3..69c2886 100644
--- a/share/lua/http/mobile_view.html
+++ b/share/lua/http/mobile_view.html
@@ -29,18 +29,18 @@
<script type="text/javascript" src="js/common.js"></script>
<link type="text/css" href="css/ui-lightness/jquery-ui-1.8.13.custom.css" rel="stylesheet" />
<link type="text/css" href="css/main.css" rel="stylesheet" />
- <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
- <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
+ <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
+ <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
<script type="text/javascript" src="js/jquery.jstree.js"></script>
<script type="text/javascript" src="js/controllers.js"></script>
<script type="text/javascript" src="js/ui.js"></script>
<script type="text/javascript">
var pollStatus = false;
/* delay script loading so we won't block if we have no net access */
- $.getScript('http://releases.flowplayer.org/js/flowplayer-3.2.6.min.js', function(data, textStatus){
+ $.getScript('https://releases.flowplayer.org/js/flowplayer-3.2.6.min.js', function(data, textStatus){
$('#player').empty();
$('#player').attr('href',$('#stream_protocol').val()+'://'+$('#stream_host').val()+':'+$('#stream_port').val()+'/'+$('#stream_file').val());
- flowplayer("player", "http://releases.flowplayer.org/swf/flowplayer-3.2.7.swf");
+ flowplayer("player", "https://releases.flowplayer.org/swf/flowplayer-3.2.7.swf");
/* .getScript only handles success() */
});
</script>
diff --git a/share/lua/http/view.html b/share/lua/http/view.html
index 07ddd0d..a155ff7 100644
--- a/share/lua/http/view.html
+++ b/share/lua/http/view.html
@@ -29,9 +29,9 @@
<link type="text/css" href="css/ui-lightness/jquery-ui-1.8.13.custom.css" rel="stylesheet" />
<link type="text/css" href="css/main.css" rel="stylesheet" />
<script type="text/javascript" src="js/common.js"></script>
- <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
- <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
- <script type="text/javascript" src="http://releases.flowplayer.org/js/flowplayer-3.2.6.min.js"></script>
+ <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
+ <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
+ <script type="text/javascript" src="https://releases.flowplayer.org/js/flowplayer-3.2.6.min.js"></script>
<script type="text/javascript">
//<![CDATA[
$(function(){
@@ -50,7 +50,7 @@
});
$('#player').empty();
$('#player').attr('href',$('#stream_protocol').val()+'://'+$('#stream_host').val()+':'+$('#stream_port').val()+'/'+$('#stream_file').val());
- flowplayer("player", "http://releases.flowplayer.org/swf/flowplayer-3.2.7.swf");
+ flowplayer("player", "https://releases.flowplayer.org/swf/flowplayer-3.2.7.swf");
});
//]]>
</script>
--
Pierre Ynard
"Une âme dans un corps, c'est comme un dessin sur une feuille de papier."
More information about the vlc-devel
mailing list