In a project I'm working on, we use captcha in an https url.
We get a premium account to avoid unsecure content on the page (as default account doesn't support https).

The captcha works right with image but when click on audio there are 2 problems :

First problem

Object tag contains http url:
codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#vers..."

Browsers doesn't care about that excepts IE that show the bellow modal :
IE warns
For non-french speakers it means that secure and not secure content are mixed into the page and it asks user if he want to display only secure content. And this is espacialy to avoid this kind of warnings that we bought a premium account.

I simply tried change this url's protocols by https and warn message is over.
(download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0 responds 200 in both protocols)

Second problem :

Even if the swf load, when click on the play button, nothing happen.
When mp3 is called, I get those response header :

GET /v1/captcha/120524685c1a7635f1.mp3 HTTP/1.1
Accept: */*
Accept-Language: fr-FR
Referer: https://mydomain.com/sites/all/modules/contrib/mollom/mollom-captcha-player.swf?url=https%3A//xmlrpc2.mollom.com%3A443/v1/cap
x-flash-version: 11,2,202,235
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.3)
Host: xmlrpc2.mollom.com
Connection: Keep-Alive

HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1.2-b16 Java/Sun Microsystems Inc./1.6)
Server: GlassFish Server Open Source Edition 3.1.2-b16
Cache-Control: no-cache, no-store, no-transform, must-revalidate
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: audio/mp3
Content-Length: 39240
Date: Thu, 24 May 2012 14:37:53 GMT

In first sight it looks correct but I get also

URL: https://xmlrpc2.mollom.com/v1/captcha/120524685c1a7635f1.mp3
Content Type: audio/mp3
Headers size (bytes): 810
Data size (bytes): 0
Total size (bytes): 810
Transferred data size (bytes): 810

Cached data: No

Error result: 0x800c0008
Error constant: INET_E_DOWNLOAD_FAILURE
Error description: The download has failed (the connection was interrupted)
Extended error result: 0x2f7e

After investigations I found that the problem is a "design feature" in Internet Explorer (<= 8).
Loading data via SSL into the Flash Player ActiveX control will not work if the server includes a "no-cache" value in "Cache-Control".
Source : http://helpx.adobe.com/flash-player/kb/flash-player-issues-secure-socket...

I guess it can't be fixed at module's level but in mollom server.

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

jgtrescazes’s picture

Status: Active » Needs review
FileSize
964 bytes

Here is a little patch to change http by https in audio captcha's html tag attributes.
This avoid IE warning about unsecured content.

Status: Needs review » Needs work
sun’s picture

Title: Audio captcha doesn't work on IE 8 when displayed in an https url » Audio captcha doesn't work on IE 8 on an SSL page
Version: 7.x-1.1 » 7.x-2.x-dev
Component: Miscellaneous » Code
Status: Needs work » Needs review
FileSize
851 bytes

Let's simply use a protocol-free URI then.

I'll also forward the HTTP header issue to the Mollom engineering team.

sun’s picture

Title: Audio captcha doesn't work on IE 8 on an SSL page » Audio captcha doesn't work in IE 8 on an SSL page
Status: Needs review » Fixed

Thanks for reporting, reviewing, and testing! Committed to all 2.x branches.

A new development snapshot will be available within the next 12 hours. This improvement will be available in the next official release.

As you already mentioned, the HTTP response headers need to be adjusted on the Mollom service backend.

jgtrescazes’s picture

Ok, thanks.
Do you know when the next official release would be available ?

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

  • Commit 2f7c065 on 7.x-2.x, 8.x-2.x, fbajs, actions by sun:
    - #1598946 by jgtrescazes, sun: Fixed Audio captcha doesn't work in IE 8...

  • Commit 2f7c065 on 7.x-2.x, 8.x-2.x, fbajs, actions by sun:
    - #1598946 by jgtrescazes, sun: Fixed Audio captcha doesn't work in IE 8...