[vlc-devel] [vlc-commits] lua/http: use HTTPS to link to third-party web assets from frontend
Jean-Baptiste Kempf
jb at videolan.org
Fri Aug 7 19:23:38 CEST 2020
Hello Pierre,
I'm quite sure people told you to not modify the web interface on master.
Best,
On Fri, 7 Aug 2020, at 19:21, Pierre Ynard wrote:
> vlc | branch: master | Pierre Ynard <linkfanel at yahoo.fr> | Fri Aug 7
> 19:19:54 2020 +0200| [49cddd79e05a7280914b4124c9dba3cabb7a8d80] |
> committer: Pierre Ynard
>
> lua/http: use HTTPS to link to third-party web assets from frontend
>
> This is recommended good practice, as it improves security. This is also
> necessary to serve VLC's web interface frontend over HTTPS.
>
> Fixes #21216
>
> Based on a patch from Noam Lerner <noam.lerner at gmail.com>, thanks!
>
> > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=49cddd79e05a7280914b4124c9dba3cabb7a8d80
> ---
>
> share/lua/http/dialogs/stream_config_window.html | 2 +-
> share/lua/http/index.html | 8 ++++----
> share/lua/http/js/ui.js | 4 ++--
> share/lua/http/mobile.html | 6 +++---
> share/lua/http/mobile_browse.html | 4 ++--
> share/lua/http/mobile_equalizer.html | 4 ++--
> share/lua/http/mobile_view.html | 8 ++++----
> share/lua/http/view.html | 8 ++++----
> 8 files changed, 22 insertions(+), 22 deletions(-)
>
> diff --git a/share/lua/http/dialogs/stream_config_window.html
> b/share/lua/http/dialogs/stream_config_window.html
> index d219c6d403..12737aa190 100644
> --- a/share/lua/http/dialogs/stream_config_window.html
> +++ b/share/lua/http/dialogs/stream_config_window.html
> @@ -8,7 +8,7 @@
> "<?vlc gettext("Okay") ?>":function(){
> $('#player').empty();
>
> $('#player').attr('href',$('#stream_protocol').val()+'://'+$('#stream_host').val()+':'+$('#stream_port').val()+'/'+$('#stream_file').val());
> - flowplayer("player",
> "http://releases.flowplayer.org/swf/flowplayer-3.2.7.swf");
> + flowplayer("player",
> "https://releases.flowplayer.org/swf/flowplayer-3.2.7.swf");
> $(this).dialog('close');
> },
> "<?vlc gettext("Cancel") ?>":function(){
> diff --git a/share/lua/http/index.html b/share/lua/http/index.html
> index 4a8a4ff51c..c96d411d95 100644
> --- a/share/lua/http/index.html
> +++ b/share/lua/http/index.html
> @@ -36,8 +36,8 @@
> </script>
> <link type="text/css"
> href="css/ui-lightness/jquery-ui-1.8.13.custom.css" rel="stylesheet" />
> <link type="text/css" href="css/main.css" rel="stylesheet" />
> - <script type="text/javascript"
> src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
> - <script type="text/javascript"
> src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
> + <script type="text/javascript"
> src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
> + <script type="text/javascript"
> src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
> <script type="text/javascript" src="js/jquery.jstree.js"></script>
> <script type="text/javascript" src="js/ui.js"></script>
> <script type="text/javascript" src="js/controllers.js"></script>
> @@ -189,9 +189,9 @@
> $('#viewContainer').animate({height: 'toggle'});
> });
> /* delay script loading so we won't block if we have no net access
> */
> - $.getScript('http://releases.flowplayer.org/js/flowplayer-3.2.6.min.js', function(data, textStatus){
> + $.getScript('https://releases.flowplayer.org/js/flowplayer-3.2.6.min.js', function(data, textStatus){
> $('#player').empty();
> - flowplayer("player",
> "http://releases.flowplayer.org/swf/flowplayer-3.2.7.swf");
> + flowplayer("player",
> "https://releases.flowplayer.org/swf/flowplayer-3.2.7.swf");
> /* .getScript only handles success() */
> });
> //]]>
> diff --git a/share/lua/http/js/ui.js b/share/lua/http/js/ui.js
> index 3950bf056c..83e5c23294 100644
> --- a/share/lua/http/js/ui.js
> +++ b/share/lua/http/js/ui.js
> @@ -69,7 +69,7 @@ $(function () {
> break;
> case 'stream':
> sendVLMCmd('control Current play');
> - flowplayer("player",
> "http://releases.flowplayer.org/swf/flowplayer-3.2.7.swf");
> + flowplayer("player",
> "https://releases.flowplayer.org/swf/flowplayer-3.2.7.swf");
> break;
> }
> } else {
> @@ -102,7 +102,7 @@ $(function () {
> }
> var urlimg = location.href + 'mobile.html';
> var codeimg = $('<img width="350" height="350"
> alt="qrcode"/>');
> - codeimg.attr('src',
> 'http://chart.apis.google.com/chart?cht=qr&chs=350x350&chld=L&choe=UTF-8&chl=' + encodeURIComponent(urlimg));
> + codeimg.attr('src',
> 'https://chart.apis.google.com/chart?cht=qr&chs=350x350&chld=L&choe=UTF-8&chl=' + encodeURIComponent(urlimg));
> codeimg.dialog({width: 350, height: 350, title: 'QR-Code'});
> return false;
> });
> diff --git a/share/lua/http/mobile.html b/share/lua/http/mobile.html
> index efac88c3ab..31b932f3dc 100644
> --- a/share/lua/http/mobile.html
> +++ b/share/lua/http/mobile.html
> @@ -31,10 +31,10 @@
> <script type="text/javascript" src="js/common.js"></script>
> <link type="text/css"
> href="css/ui-lightness/jquery-ui-1.8.13.custom.css" rel="stylesheet" />
> <link type="text/css" href="css/mobile.css" rel="stylesheet" />
> - <script type="text/javascript"
> src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
> - <script type="text/javascript"
> src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
> + <script type="text/javascript"
> src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
> + <script type="text/javascript"
> src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
> <script type="text/javascript" src="js/jquery.jstree.js"></script>
> - <script type="text/javascript"
> src="http://releases.flowplayer.org/js/flowplayer-3.2.6.min.js"></script>
> + <script type="text/javascript"
> src="https://releases.flowplayer.org/js/flowplayer-3.2.6.min.js"></script>
> <script type="text/javascript" src="js/ui.js"></script>
> <script type="text/javascript" src="js/controllers.js"></script>
> <script type="text/javascript">
> diff --git a/share/lua/http/mobile_browse.html
> b/share/lua/http/mobile_browse.html
> index 51f65406c5..82e9997840 100644
> --- a/share/lua/http/mobile_browse.html
> +++ b/share/lua/http/mobile_browse.html
> @@ -29,8 +29,8 @@
> <script type="text/javascript" src="js/common.js"></script>
> <link type="text/css"
> href="css/ui-lightness/jquery-ui-1.8.13.custom.css" rel="stylesheet" />
> <link type="text/css" href="css/main.css" rel="stylesheet" />
> - <script type="text/javascript"
> src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
> - <script type="text/javascript"
> src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
> + <script type="text/javascript"
> src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
> + <script type="text/javascript"
> src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
> <script type="text/javascript" src="js/jquery.jstree.js"></script>
> <script type="text/javascript" src="js/controllers.js"></script>
> <script type="text/javascript">
> diff --git a/share/lua/http/mobile_equalizer.html
> b/share/lua/http/mobile_equalizer.html
> index 7341109bce..4406741b65 100644
> --- a/share/lua/http/mobile_equalizer.html
> +++ b/share/lua/http/mobile_equalizer.html
> @@ -29,8 +29,8 @@
> <script type="text/javascript" src="js/common.js"></script>
> <link type="text/css"
> href="css/ui-lightness/jquery-ui-1.8.13.custom.css" rel="stylesheet" />
> <link type="text/css" href="css/main.css" rel="stylesheet" />
> - <script type="text/javascript"
> src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
> - <script type="text/javascript"
> src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
> + <script type="text/javascript"
> src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
> + <script type="text/javascript"
> src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
> <script type="text/javascript" src="js/jquery.jstree.js"></script>
> <script type="text/javascript" src="js/controllers.js"></script>
> <script type="text/javascript">
> diff --git a/share/lua/http/mobile_view.html
> b/share/lua/http/mobile_view.html
> index f7660e31ae..69c288682d 100644
> --- a/share/lua/http/mobile_view.html
> +++ b/share/lua/http/mobile_view.html
> @@ -29,18 +29,18 @@
> <script type="text/javascript" src="js/common.js"></script>
> <link type="text/css"
> href="css/ui-lightness/jquery-ui-1.8.13.custom.css" rel="stylesheet" />
> <link type="text/css" href="css/main.css" rel="stylesheet" />
> - <script type="text/javascript"
> src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
> - <script type="text/javascript"
> src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
> + <script type="text/javascript"
> src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
> + <script type="text/javascript"
> src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
> <script type="text/javascript" src="js/jquery.jstree.js"></script>
> <script type="text/javascript" src="js/controllers.js"></script>
> <script type="text/javascript" src="js/ui.js"></script>
> <script type="text/javascript">
> var pollStatus = false;
> /* delay script loading so we won't block if we have no net access
> */
> - $.getScript('http://releases.flowplayer.org/js/flowplayer-3.2.6.min.js', function(data, textStatus){
> + $.getScript('https://releases.flowplayer.org/js/flowplayer-3.2.6.min.js', function(data, textStatus){
> $('#player').empty();
>
> $('#player').attr('href',$('#stream_protocol').val()+'://'+$('#stream_host').val()+':'+$('#stream_port').val()+'/'+$('#stream_file').val());
> - flowplayer("player",
> "http://releases.flowplayer.org/swf/flowplayer-3.2.7.swf");
> + flowplayer("player",
> "https://releases.flowplayer.org/swf/flowplayer-3.2.7.swf");
> /* .getScript only handles success() */
> });
> </script>
> diff --git a/share/lua/http/view.html b/share/lua/http/view.html
> index 07ddd0d6cf..a155ff7e53 100644
> --- a/share/lua/http/view.html
> +++ b/share/lua/http/view.html
> @@ -29,9 +29,9 @@
> <link type="text/css"
> href="css/ui-lightness/jquery-ui-1.8.13.custom.css" rel="stylesheet" />
> <link type="text/css" href="css/main.css" rel="stylesheet" />
> <script type="text/javascript" src="js/common.js"></script>
> - <script type="text/javascript"
> src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
> - <script type="text/javascript"
> src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
> - <script type="text/javascript"
> src="http://releases.flowplayer.org/js/flowplayer-3.2.6.min.js"></script>
> + <script type="text/javascript"
> src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
> + <script type="text/javascript"
> src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
> + <script type="text/javascript"
> src="https://releases.flowplayer.org/js/flowplayer-3.2.6.min.js"></script>
> <script type="text/javascript">
> //<![CDATA[
> $(function(){
> @@ -50,7 +50,7 @@
> });
> $('#player').empty();
>
> $('#player').attr('href',$('#stream_protocol').val()+'://'+$('#stream_host').val()+':'+$('#stream_port').val()+'/'+$('#stream_file').val());
> - flowplayer("player",
> "http://releases.flowplayer.org/swf/flowplayer-3.2.7.swf");
> + flowplayer("player",
> "https://releases.flowplayer.org/swf/flowplayer-3.2.7.swf");
> });
> //]]>
> </script>
>
> _______________________________________________
> vlc-commits mailing list
> vlc-commits at videolan.org
> https://mailman.videolan.org/listinfo/vlc-commits
>
--
Jean-Baptiste Kempf - President
+33 672 704 734
More information about the vlc-devel
mailing list