Support HTTPS and CDN for GeoGebra's JavaScript API

pegasusroe shared this idea 3 years ago
Completed

Recently, I was trying to make a tutorial about how to make a GeoGebra webpage by embedding the JavaScript API provided by GeoGebra. I was using Mozilla's online editor "Thimble" while making this tutorial.

What I did was to include the following code in my index.html file:

<script src="http://www.geogebratube.org/scripts/deployggb.js"></script>

but it didn't work.

What I got was an error message from my browser's console:

-------------------------------------------------------------------------------------

Mixed Content: The page at 'blob:https%3A//mozillathimblelivepreview.net/ab89dad4-6f53-4078-ad37-d099eeed4dc5' was loaded over HTTPS, but requested an insecure script 'http://app.geogebra.org/5.0/web/web.nocache.js'. This request has been blocked; the content must be served over HTTPS.

-------------------------------------------------------------------------------------

So, is it possible to support HTTPS for GeoGebra's JavaScript API?

Secondly, is it a good idea to upload deployggb.js to some CDN (Content Delivery Network)?

Comments (11)

photo
1

Change


  1. <script src="http://www.geogebratube.org/scripts/deployggb.js"></script>

to


  1. <script src="https://tube.geogebra.org/s..."></script>

photo
1

Thanks for your quick answer, Michael, but it didn't work.


Despite using:


  1. <script src="https://tube.geogebra.org/s..."></script>


My browser still complains about the following "insecure scripts":


  1. http://app.geogebra.org/5.0/web/js/webfont.js
  2. http://app.geogebra.org/5.0/web/web.nocache.js


which are still using the insecure "HTTP" protocol.


I have no idea where these scripts come from, but they are there.

Any idea?

photo
1

Where did you find the URL? If http is still mentioned somewhere instead of https we need to update the docs.

By the way everything in app.geogebra.org (which is the main part of data transfer when running GeoGebra) is served through CDN, we might move deployggb.js there also.

photo
1

Please post a link to your applet so we can check.


You will notice that eg https://tube.geogebra.org/m/1300 loads webfont.js from https correctly

photo
2

I'm working on my project using Mozilla online editor "Thimble", here is one version of my webpage:



You can remix that webpage to see how it works behind the scene.


Thimble's webpage has two modes: "Preview" mode and "Published" mode. The published one is working fine, but the preview mode isn't. My browser keeps complaining about those scripts I mentioned above as insecure, it is the browser's console where I found those "insecure" scripts.


Someone in the Mozilla Support Forum told me that:

"Thimble does support external js files, but they have to be loaded securely. That means the server they're hosted on has to support https and the url used as the `src` needs to start with `https` as well."

photo
1

Everything is loaded fine over https for me with your link (in Chrome and Firefox)


https://d157rqmxrxj6ey.clou...

photo
1

it's the "published" one, which is working fine (as I mentioned above), you have to remix it to see the "preview" mode.

photo
1

Remix -> Preview gives me


  1. https://mozillathimblelivepreview.net/bramble/production/dist/deployggb.js Failed to load resource: the server responded with a status of 404 (Not Found)

photo
1

seems that when you remix it Thimble makes local copy of the scripts: https://d157rqmxrxj6ey.clou...

photo
1

Thimble's remix seems buggy.


Change the following:


  1. <script src="util.js"></script>
  2. <script src="deployggb.js"></script>
  3. <script src="ggb.js"></script>


to


  1. <script src="scripts/util.js"></script>
  2. <script src="scripts/libs/deployggb.js"></script>
  3. <script src="scripts/ggb.js"></script>


shoud fix the problem.

photo
1

Updated links for CDN here:


https://wiki.geogebra.org/e...

© 2019 International GeoGebra Institute