Re: [mezzanine-users] Re: TinyMCE4 - Problems on deployed site

2015-12-08 Thread Wim Feijen 
Actually, it is insecure to have part of your website https secured and 
part not, because cookies can easily be intercepted. So it's always a good 
idea to secure the whole site.

On Tuesday, 10 November 2015 23:02:47 UTC+1, iain ross wrote:
>
> On Wed, 11 Nov 2015 07:07:29 +1030 
> Danny  wrote: 
>
> > My overall solution was to make my entire site HTTPS... not elegant, 
> > I know, but probably better in this security conscious world :) 
>
> and don't forget ranking: 
>
> http://googlewebmastercentral.blogspot.co.uk/2014/08/https-as-ranking-signal.html
>  
>
> -- 
>
> Regards, 
> Iain. 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Mezzanine Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mezzanine-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [mezzanine-users] Re: TinyMCE4 - Problems on deployed site

2015-11-10 Thread Cody Pettit 
Thanks for the quick response! We'll try your suggestion

*Cody Pettit*

*Marriott School of Management*
*Masters of Information Systems Management*
*(801) 877-2561*

On Tue, Nov 10, 2015 at 1:32 PM, Cody Pettit  wrote:

> Hi Danny,
>
> Did you ever figure out what your issue was/is? We are facing a similar
> issue.
>
> We can't select an image from the Media Library to insert into a page (or
> form). It's not even working for us in development with DEBUG = True.
>
> We can, however, select and insert an image into a Gallery Page.
>
> The image/button needed to select and insert an image just isn't there
> when we are trying to insert into a page/form.
>
> Appreciate any help!
>
> Thanks,
>
> Cody
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Mezzanine Users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/mezzanine-users/cyeNtYsmQeU/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> mezzanine-users+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Mezzanine Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mezzanine-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [mezzanine-users] Re: TinyMCE4 - Problems on deployed site

2015-11-10 Thread Cody Pettit 
Hi Danny,

Did you ever figure out what your issue was/is? We are facing a similar 
issue.

We can't select an image from the Media Library to insert into a page (or 
form). It's not even working for us in development with DEBUG = True.

We can, however, select and insert an image into a Gallery Page. 

The image/button needed to select and insert an image just isn't there when 
we are trying to insert into a page/form.

Appreciate any help!

Thanks,

Cody

-- 
You received this message because you are subscribed to the Google Groups 
"Mezzanine Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mezzanine-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [mezzanine-users] Re: TinyMCE4 - Problems on deployed site

2015-11-10 Thread Danny 

On 11/11/2015 7:02 AM, Cody Pettit wrote:

Hi Danny,

Did you ever figure out what your issue was/is? We are facing a 
similar issue.


We can't select an image from the Media Library to insert into a page 
(or form). It's not even working for us in development with DEBUG = True.


We can, however, select and insert an image into a Gallery Page.

The image/button needed to select and insert an image just isn't there 
when we are trying to insert into a page/form.


Mostly, the issue is accessing parts of the site across the HTTP/HTTPS 
boundary. If you  have HTTPS enabled for the admin side of things,
then accessing the Media Library when editing on the HTTP site doesn't 
work, and if you're editing in the Admin side, you can't get the Link 
List of pages because it's under a HTTP URL.


My overall solution was to make my entire site HTTPS... not elegant, I 
know, but probably better in this security conscious world :)


If you do go down this route, I found this page quite useful in setting 
up my nginx configuration to ensure all avenues are taken care of:

https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html

Seeya. Danny.




Appreciate any help!

Thanks,

Cody



--
*Danny Sag*
Chairperson
Round World Events SA, Inc
City of Small Gods Terry Pratchett Fan Club - http://cityofsmallgods.org.au

*Nullus Anxietas VI - The Australian Discworld Convention* - 
http://ausdwcon.org

"The Discworld Grand Tour" - Adelaide SA, August 4-6, 2017

--
You received this message because you are subscribed to the Google Groups "Mezzanine 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mezzanine-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [mezzanine-users] Re: TinyMCE4 - Problems on deployed site

2015-11-10 Thread Iain Mac Donald 
On Wed, 11 Nov 2015 07:07:29 +1030
Danny  wrote:

> My overall solution was to make my entire site HTTPS... not elegant,
> I know, but probably better in this security conscious world :)

and don't forget ranking:
http://googlewebmastercentral.blogspot.co.uk/2014/08/https-as-ranking-signal.html

-- 

Regards,
Iain.

-- 
You received this message because you are subscribed to the Google Groups 
"Mezzanine Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mezzanine-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [mezzanine-users] Re: TinyMCE4 - Problems on deployed site

2015-07-24 Thread Danny 

On 25/07/2015 1:04 AM, Josh Cartmell wrote:
Hey Danny I'm not too sure what's going on, but is your site actually 
serving from an IP address like 33.33.33.33? Is there some sort of 
mixture of ip and domain[s]?




Hi Josh,

Yes, 33.33.33.33 is the host-accessible IP of my vagrant VM, and it's 
what I've got in ALLOWED_HOSTS (and the nginx.conf file), so I don't 
think it's the IP that's the problem. For vagrant deployment, I'm not 
using a hostname.


Relevant line from my Vagrantfile: config.vm.network private_network, 
ip: 33.33.33.33


Seeya. Danny.

On Thu, Jul 23, 2015 at 11:46 PM, Danny molo...@gmail.com 
mailto:molo...@gmail.com wrote:


Replying to myself again...

I thought I'd try this with a brand new site, using the latest
Mezzanine/Cartridge stuff from master prior to the 4.0.1 release.

BTW... it's still a problem :D

Setup steps:
1. mezzanine-project -a cartridge mez401
2. Edit requirements.txt to be:
git+git://github.com/stephenmcd/grappelli-safe.git
http://github.com/stephenmcd/grappelli-safe.git
git+git://github.com/stephenmcd/filebrowser-safe.git
http://github.com/stephenmcd/filebrowser-safe.git
git+git://github.com/stephenmcd/mezzanine.git
http://github.com/stephenmcd/mezzanine.git
git+git://github.com/stephenmcd/cartridge.git
http://github.com/stephenmcd/cartridge.git
3. Edit mez401/settings.py, uncomment the SSLRedirectMiddelware line
4. Edit mez401/local_settings.py, set up FABRIC dictionary to
deploy to my vagrant VM
5. fab all
Hooray, deployment works, and I can visit the site and log in to
admin.
6. Admin-Settings, set Enable SSL to true.

Now, to test the TinyMCE issues:
On Admin side, create a new page, select some text, click the
Insert/Edit Link button... nothing happens (no popup)
Upload some pictures to the Media Library

On main site, edit a page using yellow EDIT button, click the
Insert/Edit Image button.
Dialog pops up, click browse button (folder/magnifying glass) next
to Source
Next screen pops up saying Select image to insert but the rest
of it is blank - I'm not even seeing the Media Library browser here.

Browser debug console has the error message: Load denied by
X-Frame-Options:
https://33.33.33.33/admin/media-library/browse/?pop=5type=image
does not permit cross-origin framing. unknown

Can anyone help please?

Surely this is a standard setup for most websites? (admin, shop
etc under https and the main site not) Can we get this fixed
before the 4.0.1 release?

Thanks,

Seeya. Danny.



On 23 July 2015 at 17:15, Danny molo...@gmail.com
mailto:molo...@gmail.com wrote:

I'm now convinced that both of my issues are https/SSL related.

The media library image select works under https but not http,
because the Media library browser is under the /admin path
(which is https)
The insert/edit link box relies on displayable_links.js which
is http, so it works through the 'front' side but not under admin.

Has anyone managed to get this working on a site with SSL
enabled for the /admin path?

Seeya. Danny.


On 23/07/2015 1:08 PM, Danny wrote:

Hi all,

I'm hoping someone can either replicate my issue or help me
debug it.

Using Mezzanine master (as of 23/7/15), on my deployed site,
I can't select an image from the Media Library to insert it
into a page when Inserting/Editing an image.
This is editing via the main site's Yellow EDIT buttons, not
on the admin side. (on the Admin side, it works)

i.e. this button:


The javascript error shown in the Firebug console is Error:
Permission denied to access property tinymce on
FB_TinyMCE4.js line 4, col 8

That script is, with line 4 in bold:
var FileBrowserDialogue = {
fileSubmit : function (FileURL) {
parentWin = (!window.frameElement 
window.dialogArguments) || opener || parent || top;
*tinymce = tinyMCE = parentWin.tinymce;*
self.editor = tinymce.EditorManager.activeEditor;
self.params = self.editor.windowManager.getParams();
parentWin.document.getElementById(self.params.input).value =
FileURL;
self.editor.windowManager.close(parentWin);
}
};

The same actions work perfectly fine when running
development/DEBUG=True.

The other problem that still persists in Mezzanine 4 (and has
been around for a while, even with earlier TinyMCE versions),
is that the Insert/Edit Link dialog does not pop up if
editing a Page on the Admin side - I suspect this is because
it is behind https/SSL here, and something is going wrong there.

The error given in Firebug is Blocked loading mixed active

[mezzanine-users] Re: TinyMCE4 - Problems on deployed site

2015-07-23 Thread Danny 
Replying to myself again...

I thought I'd try this with a brand new site, using the latest
Mezzanine/Cartridge stuff from master prior to the 4.0.1 release.

BTW... it's still a problem :D

Setup steps:
1. mezzanine-project -a cartridge mez401
2. Edit requirements.txt to be:
git+git://github.com/stephenmcd/grappelli-safe.git
git+git://github.com/stephenmcd/filebrowser-safe.git
git+git://github.com/stephenmcd/mezzanine.git
git+git://github.com/stephenmcd/cartridge.git
3. Edit mez401/settings.py, uncomment the SSLRedirectMiddelware line
4. Edit mez401/local_settings.py, set up FABRIC dictionary to deploy to my
vagrant VM
5. fab all
Hooray, deployment works, and I can visit the site and log in to admin.
6. Admin-Settings, set Enable SSL to true.

Now, to test the TinyMCE issues:
On Admin side, create a new page, select some text, click the Insert/Edit
Link button... nothing happens (no popup)
Upload some pictures to the Media Library

On main site, edit a page using yellow EDIT button, click the Insert/Edit
Image button.
Dialog pops up, click browse button (folder/magnifying glass) next to Source
Next screen pops up saying Select image to insert but the rest of it is
blank - I'm not even seeing the Media Library browser here.

Browser debug console has the error message: Load denied by
X-Frame-Options:
https://33.33.33.33/admin/media-library/browse/?pop=5type=image does not
permit cross-origin framing. unknown

Can anyone help please?

Surely this is a standard setup for most websites? (admin, shop etc under
https and the main site not) Can we get this fixed before the 4.0.1 release?

Thanks,

Seeya. Danny.



On 23 July 2015 at 17:15, Danny molo...@gmail.com wrote:

  I'm now convinced that both of my issues are https/SSL related.

 The media library image select works under https but not http, because the
 Media library browser is under the /admin path (which is https)
 The insert/edit link box relies on displayable_links.js which is http, so
 it works through the 'front' side but not under admin.

 Has anyone managed to get this working on a site with SSL enabled for the
 /admin path?

 Seeya. Danny.


 On 23/07/2015 1:08 PM, Danny wrote:

 Hi all,

 I'm hoping someone can either replicate my issue or help me debug it.

 Using Mezzanine master (as of 23/7/15), on my deployed site, I can't
 select an image from the Media Library to insert it into a page when
 Inserting/Editing an image.
 This is editing via the main site's Yellow EDIT buttons, not on the admin
 side. (on the Admin side, it works)

 i.e. this button:


 The javascript error shown in the Firebug console is Error: Permission
 denied to access property tinymce on FB_TinyMCE4.js line 4, col 8

 That script is, with line 4 in bold:
 var FileBrowserDialogue = {
 fileSubmit : function (FileURL) {
 parentWin = (!window.frameElement  window.dialogArguments) ||
 opener || parent || top;
 *tinymce = tinyMCE = parentWin.tinymce;*
 self.editor = tinymce.EditorManager.activeEditor;
 self.params = self.editor.windowManager.getParams();
 parentWin.document.getElementById(self.params.input).value =
 FileURL;
 self.editor.windowManager.close(parentWin);
 }
 };

 The same actions work perfectly fine when running development/DEBUG=True.

 The other problem that still persists in Mezzanine 4 (and has been around
 for a while, even with earlier TinyMCE versions), is that the Insert/Edit
 Link dialog does not pop up if editing a Page on the Admin side - I suspect
 this is because it is behind https/SSL here, and something is going wrong
 there.

 The error given in Firebug is Blocked loading mixed active content
 http://mydomain.com/displayable_links.js;
 http://mydomain.com/displayable_links.js
 Is there a workaround for loading the Filebrowser/TinyMCE content when
 behind https?

 There used to be an issue with the 'asset_proxy' prefix that could be
 solved by substituting the SLL Middleware, but I don't think that's the
 smart thing to do.

 These two are possibly the last hurdles I need resolved before upgrading
 my site to Mezzanine 4.

 Seeya. Danny.



-- 
You received this message because you are subscribed to the Google Groups 
Mezzanine Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mezzanine-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[mezzanine-users] Re: TinyMCE4 - Problems on deployed site

2015-07-23 Thread Danny 

I'm now convinced that both of my issues are https/SSL related.

The media library image select works under https but not http, because 
the Media library browser is under the /admin path (which is https)
The insert/edit link box relies on displayable_links.js which is http, 
so it works through the 'front' side but not under admin.


Has anyone managed to get this working on a site with SSL enabled for 
the /admin path?


Seeya. Danny.

On 23/07/2015 1:08 PM, Danny wrote:

Hi all,

I'm hoping someone can either replicate my issue or help me debug it.

Using Mezzanine master (as of 23/7/15), on my deployed site, I can't 
select an image from the Media Library to insert it into a page when 
Inserting/Editing an image.
This is editing via the main site's Yellow EDIT buttons, not on the 
admin side. (on the Admin side, it works)


i.e. this button:


The javascript error shown in the Firebug console is Error: 
Permission denied to access property tinymce on FB_TinyMCE4.js line 
4, col 8


That script is, with line 4 in bold:
var FileBrowserDialogue = {
fileSubmit : function (FileURL) {
parentWin = (!window.frameElement  window.dialogArguments) 
|| opener || parent || top;

*tinymce = tinyMCE = parentWin.tinymce;*
self.editor = tinymce.EditorManager.activeEditor;
self.params = self.editor.windowManager.getParams();
parentWin.document.getElementById(self.params.input).value = FileURL;
self.editor.windowManager.close(parentWin);
}
};

The same actions work perfectly fine when running development/DEBUG=True.

The other problem that still persists in Mezzanine 4 (and has been 
around for a while, even with earlier TinyMCE versions), is that the 
Insert/Edit Link dialog does not pop up if editing a Page on the Admin 
side - I suspect this is because it is behind https/SSL here, and 
something is going wrong there.


The error given in Firebug is Blocked loading mixed active content 
http://mydomain.com/displayable_links.js;
Is there a workaround for loading the Filebrowser/TinyMCE content when 
behind https?


There used to be an issue with the 'asset_proxy' prefix that could be 
solved by substituting the SLL Middleware, but I don't think that's 
the smart thing to do.


These two are possibly the last hurdles I need resolved before 
upgrading my site to Mezzanine 4.


Seeya. Danny.

--
*Danny Sag*
Chairperson
Round World Events SA, Inc
City of Small Gods Terry Pratchett Fan Club - 
http://cityofsmallgods.org.au


*Nullus Anxietas VI - The Australian Discworld Convention* - 
http://ausdwcon.org

The Discworld Grand Tour - Adelaide SA, August 4-6, 2017



--
*Danny Sag*
Chairperson
Round World Events SA, Inc
City of Small Gods Terry Pratchett Fan Club - http://cityofsmallgods.org.au

*Nullus Anxietas VI - The Australian Discworld Convention* - 
http://ausdwcon.org

The Discworld Grand Tour - Adelaide SA, August 4-6, 2017

--
You received this message because you are subscribed to the Google Groups Mezzanine 
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mezzanine-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.