View Issue Details

IDProjectCategoryView StatusLast Update
05189Bug reportsSurvey takingpublic2012-03-14 21:08
Reportermedicnick Assigned Totpartner  
PriorityurgentSeveritypartial_block 
Status closedResolutionfixed 
Product Version1.91 
Fixed in Version1.91+ 
Summary05189: IE Non-Secure Warnings on HTTPS survey
Description

In IE8 (maybe other versions also) users are asked if they want to view content from non-secure sources. In Chrome (12) there is also a security warning with red padlock.

I have determined that this is caused by a maps script that seems to be requested by survey_runtime.js, although I can't find the explicit call. The request returns a Google mapping script (named maps, see below) that contains non-secure (http://) links, so the HTTPS survey page ends up loading mixed content.

var G_INCOMPAT = false;function GScript(src) {document.write('<' + 'script src="' + src + '"' +' type="text/javascript"><' + '/script>');}function GBrowserIsCompatible() {if (G_INCOMPAT) return false;return true;}function GApiInit() {if (GApiInit.called) return;GApiInit.called = true;window.GAddMessages && GAddMessages({160: '\x3cH1\x3eServer Error\x3c/H1\x3eThe server encountered a temporary error and could not complete your request.\x3cp\x3ePlease try again in a minute or so.\x3c/p\x3e',1415: '.',1416: ',',1547: 'mi',1616: 'km',4100: 'm',4101: 'ft',10018: 'Loading...',10021: 'Zoom In',10022: 'Zoom Out',10024: 'Drag to zoom',10029: 'Return to the last result',10049: 'Map',10050: 'Satellite',10093: 'Terms of Use',10111: 'Map',10112: 'Sat',10116: 'Hybrid',10117: 'Hyb',10120: 'We are sorry, but we don\x27t have maps at this zoom level for this region.\x3cp\x3eTry zooming out for a broader look.\x3c/p\x3e',10121: 'We are sorry, but we don\x27t have imagery at this zoom level for this region.\x3cp\x3eTry zooming out for a broader look.\x3c/p\x3e',10507: 'Pan left',10508: 'Pan right',10509: 'Pan up',10510: 'Pan down',10511: 'Show street map',10512: 'Show satellite imagery',10513: 'Show imagery with street names',10806: 'Click to see this area on Google Maps',10807: 'Traffic',10808: 'Show Traffic',10809: 'Hide Traffic',12150: '%1$s on %2$s',12151: '%1$s on %2$s at %3$s',12152: '%1$s on %2$s between %3$s and %4$s',10985: 'Zoom in',10986: 'Zoom out',11047: 'Center map here',11089: '\x3ca href\x3d\x22javascript:void(0);\x22\x3eZoom In\x3c/a\x3e to see traffic for this region',11259: 'Full-screen',11751: 'Show street map with terrain',11752: 'Style:',11757: 'Change map style',11758: 'Terrain',11759: 'Ter',11794: 'Show labels',11303: 'Street View Help',11274: 'To use street view, you need Adobe Flash Player version %1$d or newer.',11382: 'Get the latest Flash Player.',11314: 'We\x27re sorry, street view is currently unavailable due to high demand.\x3cbr\x3ePlease try again 
later!',1559: 'N',1560: 'S',1561: 'W',1562: 'E',1608: 'NW',1591: 'NE',1605: 'SW',1606: 'SE',11907: 'This image is no longer available',10041: 'Help',12471: 'Current Location',12492: 'Earth',12823: 'Google has disabled usage of the Maps API for this application. See the Terms of Service for more information: %1$s.',12822: 'http://code.google.com/apis/maps/terms.html',12915: 'Improve the map',12916: 'Google, Europa Technologies',13171: 'Hybrid 3D',0: ''});}var GLoad;(function() {GLoad = function(apiCallback) {var callee = arguments.callee;GApiInit();var opts = {export_legacy_names:true,tile_override:[{maptype:0,min_zoom:7,max_zoom:7,rect:[{lo:{lat_e7:330000000,lng_e7:1246050000},hi:{lat_e7:386200000,lng_e7:1293600000}},{lo:{lat_e7:366500000,lng_e7:1297000000},hi:{lat_e7:386200000,lng_e7:1320034790}}],uris:["http://mt0.gmaptiles.co.kr/mt/v=kr1.13\x26hl=en\x26src=api\x26&quot;,&quot;http://mt1.gmaptiles.co.kr/mt/v=kr1.13\x26hl=en\x26src=api\x26&quot;,&quot;http://mt2.gmaptiles.co.kr/mt/v=kr1.13\x26hl=en\x26src=api\x26&quot;,&quot;http://mt3.gmaptiles.co.kr/mt/v=kr1.13\x26hl=en\x26src=api\x26&quot;]},{maptype:0,min_zoom:8,max_zoom:9,rect:[{lo:{lat_e7:330000000,lng_e7:1246050000},hi:{lat_e7:386200000,lng_e7:1279600000}},{lo:{lat_e7:345000000,lng_e7:1279600000},hi:{lat_e7:386200000,lng_e7:1286700000}},{lo:{lat_e7:348900000,lng_e7:1286700000},hi:{lat_e7:386200000,lng_e7:1293600000}},{lo:{lat_e7:354690000,lng_e7:1293600000},hi:{lat_e7:386200000,lng_e7:1320034790}}],uris:[&quot;http://mt0.gmaptiles.co.kr/mt/v=kr1.13\x26hl=en\x26src=api\x26&quot;,&quot;http://mt1.gmaptiles.co.kr/mt/v=kr1.13\x26hl=en\x26src=api\x26&quot;,&quot;http://mt2.gmaptiles.co.kr/mt/v=kr1.13\x26hl=en\x26src=api\x26&quot;,&quot;http://mt3.gmaptiles.co.kr/mt/v=kr1.13\x26hl=en\x26src=api\x26&quot;]},{maptype:0,min_zoom:10,max_zoom:19,rect:[{lo:{lat_e7:329890840,lng_e7:1246055600},hi:{lat_e7:386930130,lng_e7:1284960940}},{lo:{lat_e7:344646740,lng_e7:1284960940},hi:{lat_e7:386930130,lng_e7:1288476560}},{lo:{l
at_e7:350277470,lng_e7:1288476560},hi:{lat_e7:386930130,lng_e7:1310531620}},{lo:{lat_e7:370277730,lng_e7:1310531620},hi:{lat_e7:386930130,lng_e7:1320034790}}],uris:[&quot;http://mt0.gmaptiles.co.kr/mt/v=kr1.13\x26hl=en\x26src=api\x26&quot;,&quot;http://mt1.gmaptiles.co.kr/mt/v=kr1.13\x26hl=en\x26src=api\x26&quot;,&quot;http://mt2.gmaptiles.co.kr/mt/v=kr1.13\x26hl=en\x26src=api\x26&quot;,&quot;http://mt3.gmaptiles.co.kr/mt/v=kr1.13\x26hl=en\x26src=api\x26&quot;]},{maptype:3,min_zoom:7,max_zoom:7,rect:[{lo:{lat_e7:330000000,lng_e7:1246050000},hi:{lat_e7:386200000,lng_e7:1293600000}},{lo:{lat_e7:366500000,lng_e7:1297000000},hi:{lat_e7:386200000,lng_e7:1320034790}}],uris:[&quot;http://mt0.gmaptiles.co.kr/mt/v=kr1p.12\x26hl=en\x26src=api\x26&quot;,&quot;http://mt1.gmaptiles.co.kr/mt/v=kr1p.12\x26hl=en\x26src=api\x26&quot;,&quot;http://mt2.gmaptiles.co.kr/mt/v=kr1p.12\x26hl=en\x26src=api\x26&quot;,&quot;http://mt3.gmaptiles.co.kr/mt/v=kr1p.12\x26hl=en\x26src=api\x26&quot;]},{maptype:3,min_zoom:8,max_zoom:9,rect:[{lo:{lat_e7:330000000,lng_e7:1246050000},hi:{lat_e7:386200000,lng_e7:1279600000}},{lo:{lat_e7:345000000,lng_e7:1279600000},hi:{lat_e7:386200000,lng_e7:1286700000}},{lo:{lat_e7:348900000,lng_e7:1286700000},hi:{lat_e7:386200000,lng_e7:1293600000}},{lo:{lat_e7:354690000,lng_e7:1293600000},hi:{lat_e7:386200000,lng_e7:1320034790}}],uris:[&quot;http://mt0.gmaptiles.co.kr/mt/v=kr1p.12\x26hl=en\x26src=api\x26&quot;,&quot;http://mt1.gmaptiles.co.kr/mt/v=kr1p.12\x26hl=en\x26src=api\x26&quot;,&quot;http://mt2.gmaptiles.co.kr/mt/v=kr1p.12\x26hl=en\x26src=api\x26&quot;,&quot;http://mt3.gmaptiles.co.kr/mt/v=kr1p.12\x26hl=en\x26src=api\x26&quot;]},{maptype:3,min_zoom:10,rect:[{lo:{lat_e7:329890840,lng_e7:1246055600},hi:{lat_e7:386930130,lng_e7:1284960940}},{lo:{lat_e7:344646740,lng_e7:1284960940},hi:{lat_e7:386930130,lng_e7:1288476560}},{lo:{lat_e7:350277470,lng_e7:1288476560},hi:{lat_e7:386930130,lng_e7:1310531620}},{lo:{lat_e7:370277730,lng_e7:1310531620},hi:{lat_e7:386930130,
lng_e7:1320034790}}],uris:[&quot;http://mt0.gmaptiles.co.kr/mt/v=kr1p.12\x26hl=en\x26src=api\x26&quot;,&quot;http://mt1.gmaptiles.co.kr/mt/v=kr1p.12\x26hl=en\x26src=api\x26&quot;,&quot;http://mt2.gmaptiles.co.kr/mt/v=kr1p.12\x26hl=en\x26src=api\x26&quot;,&quot;http://mt3.gmaptiles.co.kr/mt/v=kr1p.12\x26hl=en\x26src=api\x26&quot;]}],jsmain:&quot;http://maps.gstatic.com/intl/en_us/mapfiles/340c/maps2.api/main.js&quot;,obliques_urls:[&quot;http://khmdb0.google.com/kh?v=38\x26&quot;,&quot;http://khmdb1.google.com/kh?v=38\x26&quot;],token:2229308518,jsmodule_base_url:&quot;http://maps.gstatic.com/intl/en_us/mapfiles/340c/maps2.api&quot;,generic_tile_urls:[&quot;http://mt0.google.com/vt?hl=en\x26src=api\x26&quot;,&quot;http://mt1.google.com/vt?hl=en\x26src=api\x26&quot;]};var pageArgs = {};apiCallback(["http://mt0.google.com/vt/lyrs\x3dm@155\x26hl\x3den\x26src\x3dapi\x26&quot;,&quot;http://mt1.google.com/vt/lyrs\x3dm@155\x26hl\x3den\x26src\x3dapi\x26&quot;], ["http://khm0.google.com/kh/v\x3d86\x26&quot;,&quot;http://khm1.google.com/kh/v\x3d86\x26&quot;], ["http://mt0.google.com/vt/lyrs\x3dh@155\x26hl\x3den\x26src\x3dapi\x26&quot;,&quot;http://mt1.google.com/vt/lyrs\x3dh@155\x26hl\x3den\x26src\x3dapi\x26&quot;],&quot;ABQIAAAAPFv1AQU5oNr16UvL7gaARhR2EIQAYEyMOUgTTPBvdt3EBrOPCxTlwJFqzMPMaav_1gWS1TjOKPeqYw&quot;,&quot;&quot;,&quot;&quot;,true,&quot;google.maps.&quot;,opts,[&quot;http://mt0.google.com/vt/lyrs\x3dt@126,r@155\x26hl\x3den\x26src\x3dapi\x26&quot;,&quot;http://mt1.google.com/vt/lyrs\x3dt@126,r@155\x26hl\x3den\x26src\x3dapi\x26&quot;],null ,pageArgs);if (!callee.called) {callee.called = true;}}})();function GUnload() {if (window.GUnloadApi) {GUnloadApi();}}var _mIsRtl = false;var _mF = [ 
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"http://cbk0.google.com&quot;,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,&quot;&quot;,&quot;1&quot;,,,,,,,,,,,,,,,,,,,true,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,&quot;&quot;,,false,0,true,true,true,true,,,,,,,&quot;windows-ie,windows-firefox,windows-chrome,macos-safari,macos-firefox,macos-chrome&quot;,,,0,0,0,,,,,,false,,,,,,,,,&quot;&quot;,,,,,true,&quot;4:http://mt%1$d.google.com/vt?lyrs\x3dm@999999\x26style\x3dmapmaker\x26&quot;,&quot;4:http://mt%1$d.google.com/vt?lyrs\x3dh@999999\x26style\x3dmapmaker\x26&quot;,,false,,,0.25,,,,,,,,,,,,,,,,,false,&quot;https://cbks0.google.com&quot;,,,,,,,,,,,,,,,,,,,,false,false,,,,true,&quot;http://mt0.google.com/vt/ft&quot;,,,,,,,,,,,,,,,,,,0,,,,,true,,,,,,,,,,,,,,,,,,false,,,,,,,,,,,,,,,,,,,true,,,,,,,,,,,,,,,,&quot;4:https://mt%1$d.google.com/vt?lyrs\x3dm@999999\x26style\x3dmapmaker\x26&quot;,&quot;4:https://mt%1$d.google.com/vt?lyrs\x3dh@999999\x26style\x3dmapmaker\x26&quot; ];var _mHost = "http://maps.google.com&quot;;var _mUri = "/maps";var _mDomain = "google.com";var _mStaticPath = "http://maps.gstatic.com/intl/en_us/mapfiles/&quot;;var _mJavascriptVersion = G_API_VERSION = "340c";var _mTermsUrl = "http://www.google.com/intl/en_us/help/terms_maps.html&quot;;var _mLocalSearchUrl = "http://www.google.com/uds/solutions/localsearch/gmlocalsearch.js&quot;;var _mHL = "en";var _mGL = "us";var _mTrafficEnableApi = true;var _mTrafficTileServerUrls = ["http://mt0.google.com/mapstt&quot;,&quot;http://mt1.google.com/mapstt&quot;,&quot;http://mt2.google.com/mapstt&quot;,&quot;http://mt3.google.com/mapstt&quot;];var _mCityblockLatestFlashUrl = "http://maps.google.com/local_url?q=http://www.adobe.com/shockwave/download/download.cgi%3FP1_Prod_Version%3DShockwaveFlash&amp;dq=&amp;file=api&amp;v=2&amp;key=ABQIAAAAPFv1AQU5oNr16UvL7gaARhR2EIQAYEyMOUgTTPBvdt3EBrOPCxTlwJFqzMPMaav_1gWS1TjOKPeqYw&amp;s=ANYYN7manSNIV_th6k0SFvGB4jz36is1Gg&quot;;var _mCityblockFrogLogUsage = false;var 
_mCityblockInfowindowLogUsage = true;var _mCityblockUseSsl = false;var _mSatelliteToken = "fzwq2qTGJR2YotRqgz8CcKDa-vOy_dqlx6xaVA";var _mMapCopy = "Map data \x26#169;2011 ";var _mSatelliteCopy = "Imagery \x26#169;2011 ";var _mGoogleCopy = "\x26#169;2011 Google";var _mPreferMetric = false;var _mDirectionsEnableApi = true;var _mLayersTileBaseUrls = ['http://mt0.google.com/mapslt','http://mt1.google.com/mapslt','http://mt2.google.com/mapslt','http://mt3.google.com/mapslt'];var _mLayersFeaturesBaseUrl = "http://mt0.google.com/vt/ft&quot;;function GLoadMapsScript() {if (!GLoadMapsScript.called && GBrowserIsCompatible()) {GLoadMapsScript.called = true;GScript("http://maps.gstatic.com/intl/en_us/mapfiles/340c/maps2.api/main.js&quot;);}}(function() {if (!window.google) window.google = {};if (!window.google.maps) window.google.maps = {};var ns = window.google.maps;ns.BrowserIsCompatible = GBrowserIsCompatible;ns.Unload = GUnload;})();GLoadMapsScript();[/code]

Steps To Reproduce

Access a Limesurvey using IE?

TagsNo tags attached.
Bug heat8
Complete LimeSurvey version number (& build)10108
I will donate to the project if issue is resolvedNo
BrowserIE8, Chrome 12
Database type & versionMSSQL R2
Server OS (if known)WIN 2008
Webserver software & version (if known)IIS7.5
PHP Version5.2.5

Users monitoring this issue

tpartner

Activities

medicnick

medicnick

2011-05-21 06:57

reporter   ~15083

I changed qanda.php at about line 4819 to request the Google Maps script over HTTPS (the OpenLayers link fails if made secure), but this did not resolve the issue. This is also discussed at http://code.google.com/apis/maps/faq.html#ssl but I'm not sure which API is being used here:
// Picks the external map script to include, based on the question's location_mapservice attribute.
if ($qidattributes['location_mapservice']==1)
// Google Maps loader (v=2 in the query string), requested over https here.
// NOTE(review): the v2 bootstrap script quoted in the issue description still hard-codes http:// URLs,
// so switching only this include to https would not by itself remove the mixed-content warning.
$js_header_includes[] = "https://maps.google.com/maps?file=api&amp;v=2&amp;sensor=false&amp;key={$googleMapsAPIKey}&quot;;
elseif ($qidattributes['location_mapservice']==2)
// OpenLayers is still requested over plain http; on an HTTPS survey page this is a mixed-content script load.
$js_header_includes[] = "http://www.openlayers.org/api/OpenLayers.js&quot;;

c_schmitz

c_schmitz

2011-05-21 23:19

administrator   ~15084

I don't think there is a way to solve this. As the Google Maps FAQ says, as long as you are not a Premier Maps customer, the SSL website will warn about non-safe content.

medicnick

medicnick

2011-05-22 06:18

reporter   ~15085

Last edited: 2011-05-22 06:21

At the link I provided it says (markup mine): Can the Google Maps APIs be accessed over SSL (HTTPS)? The Google Maps JavaScript API V3, Google Static Maps API, and Google Maps API Web Services can be accessed over secure (HTTPS) connections by developers using <<<either the free version>>> of these APIs or Google Maps API Premier. Please see the documentation for the API concerned for information on how to access the API over SSL.

Are you using API V3? If not, can you? If you can't can you provide a setting to disable the Google Maps API when a LS is being hosted on a HTTPS connection? The site also says that V2 API has been deprecated: http://code.google.com/apis/maps/documentation/javascript/

Here is the direct link to the new API for use in applications such as LS: http://code.google.com/apis/maps/documentation/javascript/basics.html#HTTPS

c_schmitz

c_schmitz

2011-05-22 09:38

administrator   ~15086

Accessing the API over SSL will not remove the warning, because it is a different SSL server. That's why you need the Premier Maps API which masks the access.

The key sentence is 'If these Maps APIs are used with a free Maps API key on a secure site, the browser may warn the user about non-secure objects on the screen. '

So you do need a Premier MAPs API key, which costs money and/or is part of the business package.

medicnick

medicnick

2011-05-23 05:03

reporter   ~15089

With respect, I think you are mixing a different security issue with the one I mentioned. In my case, users are being asked whether they want to load insecure content alongside secure content. This is well documented to be caused by scripts requesting HTTP URLs from within an HTTPS page (mixed content).

I confirmed this behavior. The API call to the HTTP://maps.google.com.... link is causing this major security warning.

Google describes how this has been resolved in API3 (http://code.google.com/apis/maps/documentation/javascript/basics.html#HTTPS). I tested this by changing qanda.php and template.js to the format described in that link.

That was successful in eliminating the security warning but also broke the maps. The survey_runtime.js mapping code is not for API3 so won't work without modification. API2 has been deprecated by Google and does not support HTTPS functionality but API3 does.

I was successful in eliminating the security warning but also in breaking maps.

c_schmitz

c_schmitz

2011-07-21 17:48

administrator   ~15815

Tony, would you be interested in working this? It is very JS heavy ;).

tpartner

tpartner

2011-07-22 00:55

partner   ~15823

I can look into it but it will be several weeks. I have several large projects on the go and vacation coming (I hope).

c_schmitz

c_schmitz

2011-07-22 15:34

administrator   ~15829

Ok, guess there is no hurry.

tpartner

tpartner

2011-08-10 21:00

partner   ~16011

Carsten, I don't think we can fix this without moving to Google Maps API V3.

Do you want to go there?

c_schmitz

c_schmitz

2011-08-11 09:04

administrator   ~16015

Sure. Depends more on you, if you like to do it ;)?

c_schmitz

c_schmitz

2011-08-11 18:33

administrator   ~16028

Otherwise we can make a GCI task of it.

tpartner

tpartner

2011-08-11 18:45

partner   ~16031

I'll look into it. I may ask for some help with the HTTPS switch.

tpartner

tpartner

2011-08-12 17:14

partner   ~16050

I have moved the maps to API V3 (and fixed some other small bugs).

In qanda.php (around line 4841), I added a switch for the API URL when using HTTPS. Carsten, could you please check that new code before I close the bug?

tpartner

tpartner

2011-08-15 13:23

partner   ~16058

I've modified my code in qanda.php - it was throwing an error.

tpartner

tpartner

2011-09-11 13:20

partner   ~16264

Carsten, could you please check the fix in qanda.php?

Thanks.

c_schmitz

c_schmitz

2011-10-18 17:32

administrator   ~16443

Looks great. Thank you very much!

Related Changesets

LimeSurvey: Yii 0841640d

2011-08-12 08:04:44

tpartner

Fixed issue 05189: IE Non-Secure Warnings on HTTPS survey
Dev Moved to Google Maps API V3
Added switch for API link when using HTTPS
Dev Add map reset function - called when map question shown by conditions

git-svn-id: file:///Users/Shitiz/Downloads/lssvn/source/limesurvey_ci@10708 b72ed6b6-b9f8-46b5-92b4-906544132732
Affected Issues
05189
mod - application/helpers/qanda_helper.php Diff File
mod - application/libraries/Group_format.php Diff File
mod - application/libraries/Survey_format.php Diff File
mod - scripts/survey_runtime.js Diff File

LimeSurvey: Yii e597d04b

2011-08-15 04:22:46

tpartner

Fixed issue 05189: IE Non-Secure Warnings on HTTPS survey
Dev Fix switch for API link when using HTTPS

git-svn-id: file:///Users/Shitiz/Downloads/lssvn/source/limesurvey_ci@10733 b72ed6b6-b9f8-46b5-92b4-906544132732
Affected Issues
05189
mod - application/helpers/qanda_helper.php Diff File

Issue History

Date Modified Username Field Change
2011-05-21 06:44 medicnick New Issue
2011-05-21 06:57 medicnick Note Added: 15083
2011-05-21 23:19 c_schmitz Note Added: 15084
2011-05-21 23:20 c_schmitz Assigned To => c_schmitz
2011-05-21 23:20 c_schmitz Status new => feedback
2011-05-22 06:18 medicnick Note Added: 15085
2011-05-22 06:18 medicnick Status feedback => assigned
2011-05-22 06:21 medicnick Note Edited: 15085
2011-05-22 09:38 c_schmitz Note Added: 15086
2011-05-23 05:03 medicnick Note Added: 15089
2011-05-29 08:27 c_schmitz Status assigned => acknowledged
2011-07-21 17:47 c_schmitz Issue Monitored: tpartner
2011-07-21 17:48 c_schmitz Note Added: 15815
2011-07-22 00:55 tpartner Note Added: 15823
2011-07-22 15:34 c_schmitz Note Added: 15829
2011-07-22 16:26 c_schmitz Assigned To c_schmitz => tpartner
2011-07-22 16:26 c_schmitz Status acknowledged => assigned
2011-08-10 21:00 tpartner Note Added: 16011
2011-08-11 09:04 c_schmitz Note Added: 16015
2011-08-11 18:33 c_schmitz Note Added: 16028
2011-08-11 18:45 tpartner Note Added: 16031
2011-08-12 17:14 tpartner Note Added: 16050
2011-08-12 17:14 tpartner Status assigned => feedback
2011-08-15 13:23 tpartner Note Added: 16058
2011-09-11 13:20 tpartner Note Added: 16264
2011-09-11 13:20 tpartner Assigned To tpartner => c_schmitz
2011-09-11 13:20 tpartner Status feedback => assigned
2011-10-18 17:31 c_schmitz Assigned To c_schmitz => tpartner
2011-10-18 17:32 c_schmitz Note Added: 16443
2011-10-18 17:32 c_schmitz Status assigned => resolved
2011-10-18 17:32 c_schmitz Fixed in Version => 1.91+
2011-10-18 17:32 c_schmitz Resolution open => fixed
2011-10-18 17:32 c_schmitz Status resolved => closed
2012-03-14 21:08 tpartner Changeset attached => Import 2012-03-09 13:30:34 Yii e597d04b
2012-03-14 21:08 tpartner Changeset attached => Import 2012-03-09 13:30:34 Yii 0841640d
2021-08-03 03:33 guest Bug heat 6 => 8