Re: [mezzanine-users] Re: TinyMCE4 - Problems on deployed site
Actually, it is insecure to have part of your website https secured and part not, because cookies can easily be intercepted. So it's always a good idea to secure the whole site. On Tuesday, 10 November 2015 23:02:47 UTC+1, iain ross wrote: > > On Wed, 11 Nov 2015 07:07:29 +1030 > Dannywrote: > > > My overall solution was to make my entire site HTTPS... not elegant, > > I know, but probably better in this security conscious world :) > > and don't forget ranking: > > http://googlewebmastercentral.blogspot.co.uk/2014/08/https-as-ranking-signal.html > > > -- > > Regards, > Iain. > -- You received this message because you are subscribed to the Google Groups "Mezzanine Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [mezzanine-users] Re: TinyMCE4 - Problems on deployed site
Thanks for the quick response! We'll try your suggestion *Cody Pettit* *Marriott School of Management* *Masters of Information Systems Management* *(801) 877-2561* On Tue, Nov 10, 2015 at 1:32 PM, Cody Pettitwrote: > Hi Danny, > > Did you ever figure out what your issue was/is? We are facing a similar > issue. > > We can't select an image from the Media Library to insert into a page (or > form). It's not even working for us in development with DEBUG = True. > > We can, however, select and insert an image into a Gallery Page. > > The image/button needed to select and insert an image just isn't there > when we are trying to insert into a page/form. > > Appreciate any help! > > Thanks, > > Cody > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Mezzanine Users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/mezzanine-users/cyeNtYsmQeU/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > mezzanine-users+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Mezzanine Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [mezzanine-users] Re: TinyMCE4 - Problems on deployed site
Hi Danny, Did you ever figure out what your issue was/is? We are facing a similar issue. We can't select an image from the Media Library to insert into a page (or form). It's not even working for us in development with DEBUG = True. We can, however, select and insert an image into a Gallery Page. The image/button needed to select and insert an image just isn't there when we are trying to insert into a page/form. Appreciate any help! Thanks, Cody -- You received this message because you are subscribed to the Google Groups "Mezzanine Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [mezzanine-users] Re: TinyMCE4 - Problems on deployed site
On 11/11/2015 7:02 AM, Cody Pettit wrote: Hi Danny, Did you ever figure out what your issue was/is? We are facing a similar issue. We can't select an image from the Media Library to insert into a page (or form). It's not even working for us in development with DEBUG = True. We can, however, select and insert an image into a Gallery Page. The image/button needed to select and insert an image just isn't there when we are trying to insert into a page/form. Mostly, the issue is accessing parts of the site across the HTTP/HTTPS boundary. If you have HTTPS enabled for the admin side of things, then accessing the Media Library when editing on the HTTP site doesn't work, and if you're editing in the Admin side, you can't get the Link List of pages because it's under a HTTP URL. My overall solution was to make my entire site HTTPS... not elegant, I know, but probably better in this security conscious world :) If you do go down this route, I found this page quite useful in setting up my nginx configuration to ensure all avenues are taken care of: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html Seeya. Danny. Appreciate any help! Thanks, Cody -- *Danny Sag* Chairperson Round World Events SA, Inc City of Small Gods Terry Pratchett Fan Club - http://cityofsmallgods.org.au *Nullus Anxietas VI - The Australian Discworld Convention* - http://ausdwcon.org "The Discworld Grand Tour" - Adelaide SA, August 4-6, 2017 -- You received this message because you are subscribed to the Google Groups "Mezzanine Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [mezzanine-users] Re: TinyMCE4 - Problems on deployed site
On Wed, 11 Nov 2015 07:07:29 +1030 Dannywrote: > My overall solution was to make my entire site HTTPS... not elegant, > I know, but probably better in this security conscious world :) and don't forget ranking: http://googlewebmastercentral.blogspot.co.uk/2014/08/https-as-ranking-signal.html -- Regards, Iain. -- You received this message because you are subscribed to the Google Groups "Mezzanine Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [mezzanine-users] Re: TinyMCE4 - Problems on deployed site
On 25/07/2015 1:04 AM, Josh Cartmell wrote: Hey Danny I'm not too sure what's going on, but is your site actually serving from an IP address like 33.33.33.33? Is there some sort of mixture of ip and domain[s]? Hi Josh, Yes, 33.33.33.33 is the host-accessible IP of my vagrant VM, and it's what I've got in ALLOWED_HOSTS (and the nginx.conf file), so I don't think it's the IP that's the problem. For vagrant deployment, I'm not using a hostname. Relevant line from my Vagrantfile: config.vm.network private_network, ip: 33.33.33.33 Seeya. Danny. On Thu, Jul 23, 2015 at 11:46 PM, Danny molo...@gmail.com mailto:molo...@gmail.com wrote: Replying to myself again... I thought I'd try this with a brand new site, using the latest Mezzanine/Cartridge stuff from master prior to the 4.0.1 release. BTW... it's still a problem :D Setup steps: 1. mezzanine-project -a cartridge mez401 2. Edit requirements.txt to be: git+git://github.com/stephenmcd/grappelli-safe.git http://github.com/stephenmcd/grappelli-safe.git git+git://github.com/stephenmcd/filebrowser-safe.git http://github.com/stephenmcd/filebrowser-safe.git git+git://github.com/stephenmcd/mezzanine.git http://github.com/stephenmcd/mezzanine.git git+git://github.com/stephenmcd/cartridge.git http://github.com/stephenmcd/cartridge.git 3. Edit mez401/settings.py, uncomment the SSLRedirectMiddelware line 4. Edit mez401/local_settings.py, set up FABRIC dictionary to deploy to my vagrant VM 5. fab all Hooray, deployment works, and I can visit the site and log in to admin. 6. Admin-Settings, set Enable SSL to true. Now, to test the TinyMCE issues: On Admin side, create a new page, select some text, click the Insert/Edit Link button... nothing happens (no popup) Upload some pictures to the Media Library On main site, edit a page using yellow EDIT button, click the Insert/Edit Image button. Dialog pops up, click browse button (folder/magnifying glass) next to Source Next screen pops up saying Select image to insert but the rest of it is blank - I'm not even seeing the Media Library browser here. Browser debug console has the error message: Load denied by X-Frame-Options: https://33.33.33.33/admin/media-library/browse/?pop=5type=image does not permit cross-origin framing. unknown Can anyone help please? Surely this is a standard setup for most websites? (admin, shop etc under https and the main site not) Can we get this fixed before the 4.0.1 release? Thanks, Seeya. Danny. On 23 July 2015 at 17:15, Danny molo...@gmail.com mailto:molo...@gmail.com wrote: I'm now convinced that both of my issues are https/SSL related. The media library image select works under https but not http, because the Media library browser is under the /admin path (which is https) The insert/edit link box relies on displayable_links.js which is http, so it works through the 'front' side but not under admin. Has anyone managed to get this working on a site with SSL enabled for the /admin path? Seeya. Danny. On 23/07/2015 1:08 PM, Danny wrote: Hi all, I'm hoping someone can either replicate my issue or help me debug it. Using Mezzanine master (as of 23/7/15), on my deployed site, I can't select an image from the Media Library to insert it into a page when Inserting/Editing an image. This is editing via the main site's Yellow EDIT buttons, not on the admin side. (on the Admin side, it works) i.e. this button: The javascript error shown in the Firebug console is Error: Permission denied to access property tinymce on FB_TinyMCE4.js line 4, col 8 That script is, with line 4 in bold: var FileBrowserDialogue = { fileSubmit : function (FileURL) { parentWin = (!window.frameElement window.dialogArguments) || opener || parent || top; *tinymce = tinyMCE = parentWin.tinymce;* self.editor = tinymce.EditorManager.activeEditor; self.params = self.editor.windowManager.getParams(); parentWin.document.getElementById(self.params.input).value = FileURL; self.editor.windowManager.close(parentWin); } }; The same actions work perfectly fine when running development/DEBUG=True. The other problem that still persists in Mezzanine 4 (and has been around for a while, even with earlier TinyMCE versions), is that the Insert/Edit Link dialog does not pop up if editing a Page on the Admin side - I suspect this is because it is behind https/SSL here, and something is going wrong there. The error given in Firebug is Blocked loading mixed active
[mezzanine-users] Re: TinyMCE4 - Problems on deployed site
Replying to myself again... I thought I'd try this with a brand new site, using the latest Mezzanine/Cartridge stuff from master prior to the 4.0.1 release. BTW... it's still a problem :D Setup steps: 1. mezzanine-project -a cartridge mez401 2. Edit requirements.txt to be: git+git://github.com/stephenmcd/grappelli-safe.git git+git://github.com/stephenmcd/filebrowser-safe.git git+git://github.com/stephenmcd/mezzanine.git git+git://github.com/stephenmcd/cartridge.git 3. Edit mez401/settings.py, uncomment the SSLRedirectMiddelware line 4. Edit mez401/local_settings.py, set up FABRIC dictionary to deploy to my vagrant VM 5. fab all Hooray, deployment works, and I can visit the site and log in to admin. 6. Admin-Settings, set Enable SSL to true. Now, to test the TinyMCE issues: On Admin side, create a new page, select some text, click the Insert/Edit Link button... nothing happens (no popup) Upload some pictures to the Media Library On main site, edit a page using yellow EDIT button, click the Insert/Edit Image button. Dialog pops up, click browse button (folder/magnifying glass) next to Source Next screen pops up saying Select image to insert but the rest of it is blank - I'm not even seeing the Media Library browser here. Browser debug console has the error message: Load denied by X-Frame-Options: https://33.33.33.33/admin/media-library/browse/?pop=5type=image does not permit cross-origin framing. unknown Can anyone help please? Surely this is a standard setup for most websites? (admin, shop etc under https and the main site not) Can we get this fixed before the 4.0.1 release? Thanks, Seeya. Danny. On 23 July 2015 at 17:15, Danny molo...@gmail.com wrote: I'm now convinced that both of my issues are https/SSL related. The media library image select works under https but not http, because the Media library browser is under the /admin path (which is https) The insert/edit link box relies on displayable_links.js which is http, so it works through the 'front' side but not under admin. Has anyone managed to get this working on a site with SSL enabled for the /admin path? Seeya. Danny. On 23/07/2015 1:08 PM, Danny wrote: Hi all, I'm hoping someone can either replicate my issue or help me debug it. Using Mezzanine master (as of 23/7/15), on my deployed site, I can't select an image from the Media Library to insert it into a page when Inserting/Editing an image. This is editing via the main site's Yellow EDIT buttons, not on the admin side. (on the Admin side, it works) i.e. this button: The javascript error shown in the Firebug console is Error: Permission denied to access property tinymce on FB_TinyMCE4.js line 4, col 8 That script is, with line 4 in bold: var FileBrowserDialogue = { fileSubmit : function (FileURL) { parentWin = (!window.frameElement window.dialogArguments) || opener || parent || top; *tinymce = tinyMCE = parentWin.tinymce;* self.editor = tinymce.EditorManager.activeEditor; self.params = self.editor.windowManager.getParams(); parentWin.document.getElementById(self.params.input).value = FileURL; self.editor.windowManager.close(parentWin); } }; The same actions work perfectly fine when running development/DEBUG=True. The other problem that still persists in Mezzanine 4 (and has been around for a while, even with earlier TinyMCE versions), is that the Insert/Edit Link dialog does not pop up if editing a Page on the Admin side - I suspect this is because it is behind https/SSL here, and something is going wrong there. The error given in Firebug is Blocked loading mixed active content http://mydomain.com/displayable_links.js; http://mydomain.com/displayable_links.js Is there a workaround for loading the Filebrowser/TinyMCE content when behind https? There used to be an issue with the 'asset_proxy' prefix that could be solved by substituting the SLL Middleware, but I don't think that's the smart thing to do. These two are possibly the last hurdles I need resolved before upgrading my site to Mezzanine 4. Seeya. Danny. -- You received this message because you are subscribed to the Google Groups Mezzanine Users group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[mezzanine-users] Re: TinyMCE4 - Problems on deployed site
I'm now convinced that both of my issues are https/SSL related. The media library image select works under https but not http, because the Media library browser is under the /admin path (which is https) The insert/edit link box relies on displayable_links.js which is http, so it works through the 'front' side but not under admin. Has anyone managed to get this working on a site with SSL enabled for the /admin path? Seeya. Danny. On 23/07/2015 1:08 PM, Danny wrote: Hi all, I'm hoping someone can either replicate my issue or help me debug it. Using Mezzanine master (as of 23/7/15), on my deployed site, I can't select an image from the Media Library to insert it into a page when Inserting/Editing an image. This is editing via the main site's Yellow EDIT buttons, not on the admin side. (on the Admin side, it works) i.e. this button: The javascript error shown in the Firebug console is Error: Permission denied to access property tinymce on FB_TinyMCE4.js line 4, col 8 That script is, with line 4 in bold: var FileBrowserDialogue = { fileSubmit : function (FileURL) { parentWin = (!window.frameElement window.dialogArguments) || opener || parent || top; *tinymce = tinyMCE = parentWin.tinymce;* self.editor = tinymce.EditorManager.activeEditor; self.params = self.editor.windowManager.getParams(); parentWin.document.getElementById(self.params.input).value = FileURL; self.editor.windowManager.close(parentWin); } }; The same actions work perfectly fine when running development/DEBUG=True. The other problem that still persists in Mezzanine 4 (and has been around for a while, even with earlier TinyMCE versions), is that the Insert/Edit Link dialog does not pop up if editing a Page on the Admin side - I suspect this is because it is behind https/SSL here, and something is going wrong there. The error given in Firebug is Blocked loading mixed active content http://mydomain.com/displayable_links.js; Is there a workaround for loading the Filebrowser/TinyMCE content when behind https? There used to be an issue with the 'asset_proxy' prefix that could be solved by substituting the SLL Middleware, but I don't think that's the smart thing to do. These two are possibly the last hurdles I need resolved before upgrading my site to Mezzanine 4. Seeya. Danny. -- *Danny Sag* Chairperson Round World Events SA, Inc City of Small Gods Terry Pratchett Fan Club - http://cityofsmallgods.org.au *Nullus Anxietas VI - The Australian Discworld Convention* - http://ausdwcon.org The Discworld Grand Tour - Adelaide SA, August 4-6, 2017 -- *Danny Sag* Chairperson Round World Events SA, Inc City of Small Gods Terry Pratchett Fan Club - http://cityofsmallgods.org.au *Nullus Anxietas VI - The Australian Discworld Convention* - http://ausdwcon.org The Discworld Grand Tour - Adelaide SA, August 4-6, 2017 -- You received this message because you are subscribed to the Google Groups Mezzanine Users group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.