[vlc-devel] [PATCH] lua/http: use HTTPS to link to third-party web assets from frontend

Alexandre Janniaux ajanni at videolabs.io
Sat Aug 1 21:11:55 CEST 2020


Hi,

Doesn't this conflict with the web interface rewrite by David?

Regards,
--
Alexandre Janniaux
Videolabs

On Sat, Aug 01, 2020 at 09:02:08PM +0200, Pierre Ynard via vlc-devel wrote:
> Date: Sat, 1 Aug 2020 21:02:08 +0200
> From: Pierre Ynard <linkfanel at yahoo.fr>
> To: vlc-devel at videolan.org
> Subject: [vlc-devel] [PATCH] lua/http: use HTTPS to link to third-party web
>  assets from frontend
> User-Agent: Mutt/1.5.23 (2014-03-12)
>
> This is recommended good practice, as it improves security. This is also
> necessary to serve VLC's web interface frontend over HTTPS.
>
> Fixes #21216
>
> Based on a patch from Noam Lerner <noam.lerner at gmail.com>, thanks!
>
>
> diff --git a/share/lua/http/dialogs/stream_config_window.html b/share/lua/http/dialogs/stream_config_window.html
> index d219c6d..12737aa 100644
> --- a/share/lua/http/dialogs/stream_config_window.html
> +++ b/share/lua/http/dialogs/stream_config_window.html
> @@ -8,7 +8,7 @@
>  				"<?vlc gettext("Okay") ?>":function(){
>  					$('#player').empty();
>  					$('#player').attr('href',$('#stream_protocol').val()+'://'+$('#stream_host').val()+':'+$('#stream_port').val()+'/'+$('#stream_file').val());
> -					flowplayer("player", "http://releases.flowplayer.org/swf/flowplayer-3.2.7.swf");
> +					flowplayer("player", "https://releases.flowplayer.org/swf/flowplayer-3.2.7.swf");
>  					$(this).dialog('close');
>  				},
>  				"<?vlc gettext("Cancel") ?>":function(){
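Review bot: The Flowplayer SWF passed to `flowplayer("player", …)` is still fetched from releases.flowplayer.org at run time, so the HTTPS scheme authenticates the host but leaves the interface running third-party executable content that VLC neither ships nor pins. If the licence permits, serving it from the interface's own tree would remove that dependency, e.g. `flowplayer("player", "swf/flowplayer-3.2.7.swf");` (the local path is a placeholder). The same literal URL recurs in the index.html, js/ui.js, mobile_view.html and view.html hunks, so a single shared constant would keep those call sites in step. The enclosing dialog handler starts and ends outside this hunk.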
> diff --git a/share/lua/http/index.html b/share/lua/http/index.html
> index 211fa08..4d7853d 100644
> --- a/share/lua/http/index.html
> +++ b/share/lua/http/index.html
> @@ -36,8 +36,8 @@
>  		</script>
>  		<link type="text/css" href="css/ui-lightness/jquery-ui-1.8.13.custom.css" rel="stylesheet" />
>  		<link type="text/css" href="css/main.css" rel="stylesheet" />
> -		<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
> -		<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
> +		<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
> +		<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
>  		<script type="text/javascript" src="js/jquery.jstree.js"></script>
>  		<script type="text/javascript" src="js/ui.js"></script>
>  		<script type="text/javascript" src="js/controllers.js"></script>
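Review bot: The two `<script>` tags for jQuery and jQuery UI load from ajax.googleapis.com without Subresource Integrity, so the page still executes whatever that host returns; HTTPS only protects the transfer. Both URLs are version-pinned (1.6.1 and 1.8.13), so each tag could carry `integrity="sha384-<HASH_PLACEHOLDER>" crossorigin="anonymous"`, with the digest computed from the exact file the project has tested. Shipping the two files locally next to `js/jquery.jstree.js` would be an alternative that also works without net access. The same applies to the matching tags in mobile.html, mobile_browse.html, mobile_equalizer.html, mobile_view.html and view.html, including the flowplayer-3.2.6.min.js tags in mobile.html and view.html.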
> @@ -189,9 +189,9 @@
>  				$('#viewContainer').animate({height: 'toggle'});
>  			});
>  			/* delay script loading so we won't block if we have no net access */
> -			$.getScript('http://releases.flowplayer.org/js/flowplayer-3.2.6.min.js', function(data, textStatus){
> +			$.getScript('https://releases.flowplayer.org/js/flowplayer-3.2.6.min.js', function(data, textStatus){
>  				$('#player').empty();
> -				flowplayer("player", "http://releases.flowplayer.org/swf/flowplayer-3.2.7.swf");
> +				flowplayer("player", "https://releases.flowplayer.org/swf/flowplayer-3.2.7.swf");
>  				/* .getScript only handles success() */
>  			 });
>  		//]]>
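Review bot: `$.getScript` evaluates the downloaded Flowplayer script with no integrity check, and the existing comment `/* .getScript only handles success() */` shows that a failed or blocked load goes unnoticed. Building the script element by hand keeps the deferred load while allowing an `integrity` digest and an explicit `onerror` path, as sketched below. The integrity check only works if releases.flowplayer.org answers with CORS headers, which is not visible from this patch; otherwise a local copy is the safer route. The mobile_view.html hunk has the same `$.getScript` call.

```html
/* … unchanged: #viewContainer toggle handler … */
/* delay script loading so we won't block if we have no net access */
var fpScript = document.createElement('script');
fpScript.src = 'https://releases.flowplayer.org/js/flowplayer-3.2.6.min.js';
fpScript.integrity = 'sha384-<HASH_PLACEHOLDER>'; /* digest of the reviewed file */
fpScript.crossOrigin = 'anonymous';
fpScript.onload = function () {
	$('#player').empty();
	flowplayer("player", "https://releases.flowplayer.org/swf/flowplayer-3.2.7.swf");
};
fpScript.onerror = function () {
	/* no net access or integrity mismatch: leave #player untouched */
};
document.head.appendChild(fpScript);
```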
> diff --git a/share/lua/http/js/ui.js b/share/lua/http/js/ui.js
> index a404ef0..b5473ae 100644
> --- a/share/lua/http/js/ui.js
> +++ b/share/lua/http/js/ui.js
> @@ -69,7 +69,7 @@ $(function () {
>                  break;
>              case 'stream':
>                  sendVLMCmd('control Current play');
> -                flowplayer("player", "http://releases.flowplayer.org/swf/flowplayer-3.2.7.swf");
> +                flowplayer("player", "https://releases.flowplayer.org/swf/flowplayer-3.2.7.swf");
>                  break;
>              }
>          } else {
> @@ -102,7 +102,7 @@ $(function () {
>          }
>          var urlimg = location.href + 'mobile.html';
>          var codeimg = $('<img width="350" height="350" alt="qrcode"/>');
> -        codeimg.attr('src', 'http://chart.apis.google.com/chart?cht=qr&chs=350x350&chld=L&choe=UTF-8&chl=' + encodeURIComponent(urlimg));
> +        codeimg.attr('src', 'https://chart.apis.google.com/chart?cht=qr&chs=350x350&chld=L&choe=UTF-8&chl=' + encodeURIComponent(urlimg));
>          codeimg.dialog({width: 350, height: 350, title: 'QR-Code'});
>          return false;
>      });
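Review bot: The QR-code request places the web interface's own address (`location.href + 'mobile.html'`) in the query string of a Google-hosted URL, so each use of this dialog discloses the VLC host and port to a third party; HTTPS hides it from the network path but not from the recipient. Generating the image locally from a bundled script would avoid that, and failing that a comment such as `/* sends this interface's URL to chart.apis.google.com */` would at least make the disclosure visible to maintainers. Separately, `location.href + 'mobile.html'` on the context line above yields a wrong URL whenever the current address ends in a file name, query or fragment; `new URL('mobile.html', location.href).href` looks safer. The enclosing handler starts outside this hunk.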
> diff --git a/share/lua/http/mobile.html b/share/lua/http/mobile.html
> index efac88c..31b932f 100644
> --- a/share/lua/http/mobile.html
> +++ b/share/lua/http/mobile.html
> @@ -31,10 +31,10 @@
>  		<script type="text/javascript" src="js/common.js"></script>
>  		<link type="text/css" href="css/ui-lightness/jquery-ui-1.8.13.custom.css" rel="stylesheet" />
>  		<link type="text/css" href="css/mobile.css" rel="stylesheet" />
> -		<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
> -		<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
> +		<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
> +		<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
>  		<script type="text/javascript" src="js/jquery.jstree.js"></script>
> -		<script type="text/javascript" src="http://releases.flowplayer.org/js/flowplayer-3.2.6.min.js"></script>
> +		<script type="text/javascript" src="https://releases.flowplayer.org/js/flowplayer-3.2.6.min.js"></script>
>  		<script type="text/javascript" src="js/ui.js"></script>
>  		<script type="text/javascript" src="js/controllers.js"></script>
>  		<script type="text/javascript">
> diff --git a/share/lua/http/mobile_browse.html b/share/lua/http/mobile_browse.html
> index 51f6540..82e9997 100644
> --- a/share/lua/http/mobile_browse.html
> +++ b/share/lua/http/mobile_browse.html
> @@ -29,8 +29,8 @@
>  		<script type="text/javascript" src="js/common.js"></script>
>  		<link type="text/css" href="css/ui-lightness/jquery-ui-1.8.13.custom.css" rel="stylesheet" />
>  		<link type="text/css" href="css/main.css" rel="stylesheet" />
> -		<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
> -		<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
> +		<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
> +		<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
>  		<script type="text/javascript" src="js/jquery.jstree.js"></script>
>  		<script type="text/javascript" src="js/controllers.js"></script>
>  		<script type="text/javascript">
> diff --git a/share/lua/http/mobile_equalizer.html b/share/lua/http/mobile_equalizer.html
> index 7341109..4406741 100644
> --- a/share/lua/http/mobile_equalizer.html
> +++ b/share/lua/http/mobile_equalizer.html
> @@ -29,8 +29,8 @@
>  		<script type="text/javascript" src="js/common.js"></script>
>  		<link type="text/css" href="css/ui-lightness/jquery-ui-1.8.13.custom.css" rel="stylesheet" />
>  		<link type="text/css" href="css/main.css" rel="stylesheet" />
> -		<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
> -		<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
> +		<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
> +		<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
>  		<script type="text/javascript" src="js/jquery.jstree.js"></script>
>  		<script type="text/javascript" src="js/controllers.js"></script>
>  		<script type="text/javascript">
> diff --git a/share/lua/http/mobile_view.html b/share/lua/http/mobile_view.html
> index f7660e3..69c2886 100644
> --- a/share/lua/http/mobile_view.html
> +++ b/share/lua/http/mobile_view.html
> @@ -29,18 +29,18 @@
>  		<script type="text/javascript" src="js/common.js"></script>
>  		<link type="text/css" href="css/ui-lightness/jquery-ui-1.8.13.custom.css" rel="stylesheet" />
>  		<link type="text/css" href="css/main.css" rel="stylesheet" />
> -		<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
> -		<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
> +		<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
> +		<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
>  		<script type="text/javascript" src="js/jquery.jstree.js"></script>
>  		<script type="text/javascript" src="js/controllers.js"></script>
>  		<script type="text/javascript" src="js/ui.js"></script>
>  		<script type="text/javascript">
>  			var pollStatus	=	false;
>  			/* delay script loading so we won't block if we have no net access */
> -			$.getScript('http://releases.flowplayer.org/js/flowplayer-3.2.6.min.js', function(data, textStatus){
> +			$.getScript('https://releases.flowplayer.org/js/flowplayer-3.2.6.min.js', function(data, textStatus){
>  				$('#player').empty();
>  				$('#player').attr('href',$('#stream_protocol').val()+'://'+$('#stream_host').val()+':'+$('#stream_port').val()+'/'+$('#stream_file').val());
> -				flowplayer("player", "http://releases.flowplayer.org/swf/flowplayer-3.2.7.swf");
> +				flowplayer("player", "https://releases.flowplayer.org/swf/flowplayer-3.2.7.swf");
>  				/* .getScript only handles success() */
>  			});
>  		</script>
> diff --git a/share/lua/http/view.html b/share/lua/http/view.html
> index 07ddd0d..a155ff7 100644
> --- a/share/lua/http/view.html
> +++ b/share/lua/http/view.html
> @@ -29,9 +29,9 @@
>  	<link type="text/css" href="css/ui-lightness/jquery-ui-1.8.13.custom.css" rel="stylesheet" />
>  	<link type="text/css" href="css/main.css" rel="stylesheet" />
>  	<script type="text/javascript" src="js/common.js"></script>
> -	<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
> -	<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
> -	<script type="text/javascript" src="http://releases.flowplayer.org/js/flowplayer-3.2.6.min.js"></script>
> +	<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
> +	<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
> +	<script type="text/javascript" src="https://releases.flowplayer.org/js/flowplayer-3.2.6.min.js"></script>
>  	<script type="text/javascript">
>  	//<![CDATA[
>  	$(function(){
> @@ -50,7 +50,7 @@
>  		});
>  		$('#player').empty();
>  		$('#player').attr('href',$('#stream_protocol').val()+'://'+$('#stream_host').val()+':'+$('#stream_port').val()+'/'+$('#stream_file').val());
> -		flowplayer("player", "http://releases.flowplayer.org/swf/flowplayer-3.2.7.swf");
> +		flowplayer("player", "https://releases.flowplayer.org/swf/flowplayer-3.2.7.swf");
>  	});
>  	//]]>
>  	</script>
> --
> Pierre Ynard
> "Une âme dans un corps, c'est comme un dessin sur une feuille de papier."


