In a project I'm working on, we use captcha in an https url.
We get a premium account to avoid unsecure content on the page (as default account doesn't support https).

The captcha works right with image but when click on audio there are 2 problems :

First problem

Object tag contains http url:
codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#vers..."

Browsers doesn't care about that excepts IE that show the bellow modal :
IE warns
For non-french speakers it means that secure and not secure content are mixed into the page and it asks user if he want to display only secure content. And this is espacialy to avoid this kind of warnings that we bought a premium account.

I simply tried change this url's protocols by https and warn message is over.
(download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0 responds 200 in both protocols)

Second problem :

Even if the swf load, when click on the play button, nothing happen.
When mp3 is called, I get those response header :

GET /v1/captcha/120524685c1a7635f1.mp3 HTTP/1.1
Accept: */*
Accept-Language: fr-FR
Referer: https://mydomain.com/sites/all/modules/contrib/mollom/mollom-captcha-player.swf?url=https%3A//xmlrpc2.mollom.com%3A443/v1/cap
x-flash-version: 11,2,202,235
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.3)
Host: xmlrpc2.mollom.com
Connection: Keep-Alive
HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1.2-b16 Java/Sun Microsystems Inc./1.6)
Server: GlassFish Server Open Source Edition 3.1.2-b16
Cache-Control: no-cache, no-store, no-transform, must-revalidate
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: audio/mp3
Content-Length: 39240
Date: Thu, 24 May 2012 14:37:53 GMT

In first sight it looks correct but I get also

URL: https://xmlrpc2.mollom.com/v1/captcha/120524685c1a7635f1.mp3
Content Type: audio/mp3
Headers size (bytes): 810
Data size (bytes): 0
Total size (bytes): 810
Transferred data size (bytes): 810
Cached data: No
Error result: 0x800c0008
Error constant: INET_E_DOWNLOAD_FAILURE
Error description: The download has failed (the connection was interrupted)
Extended error result: 0x2f7e

After investigations I found that the problem is a "design feature" in Internet Explorer (<= 8).
Loading data via SSL into the Flash Player ActiveX control will not work if the server includes a "no-cache" value in "Cache-Control".
Source : http://helpx.adobe.com/flash-player/kb/flash-player-issues-secure-socket...

I guess it can't be fixed at module's level but in mollom server.

Files: 
CommentFileSizeAuthor
#3 mollom.captcha-audio-ssl.3.patch851 bytessun
PASSED: [[SimpleTest]]: [MySQL] 4,229 pass(es).
[ View ]
#1 mollom-use-https-for-audio-captcha-object-tags-codebase-url-1598946-1.patch964 bytesjgtrescazes
FAILED: [[SimpleTest]]: [MySQL] Unable to apply patch mollom-use-https-for-audio-captcha-object-tags-codebase-url-1598946-1.patch. Unable to apply patch. See the log in the details link for more information.
[ View ]

Comments

Status:Active» Needs review
StatusFileSize
new964 bytes
FAILED: [[SimpleTest]]: [MySQL] Unable to apply patch mollom-use-https-for-audio-captcha-object-tags-codebase-url-1598946-1.patch. Unable to apply patch. See the log in the details link for more information.
[ View ]

Here is a little patch to change http by https in audio captcha's html tag attributes.
This avoid IE warning about unsecured content.

Status:Needs review» Needs work

Title:Audio captcha doesn't work on IE 8 when displayed in an https urlAudio captcha doesn't work on IE 8 on an SSL page
Version:7.x-1.1» 7.x-2.x-dev
Component:Miscellaneous» Code
Status:Needs work» Needs review
StatusFileSize
new851 bytes
PASSED: [[SimpleTest]]: [MySQL] 4,229 pass(es).
[ View ]

Let's simply use a protocol-free URI then.

I'll also forward the HTTP header issue to the Mollom engineering team.

Title:Audio captcha doesn't work on IE 8 on an SSL pageAudio captcha doesn't work in IE 8 on an SSL page
Status:Needs review» Fixed

Thanks for reporting, reviewing, and testing! Committed to all 2.x branches.

A new development snapshot will be available within the next 12 hours. This improvement will be available in the next official release.

As you already mentioned, the HTTP response headers need to be adjusted on the Mollom service backend.

Ok, thanks.
Do you know when the next official release would be available ?

Status:Fixed» Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.