Danger! Insecure Clock!

Dangerous scriptsSunday night during the live show, we noticed a big problem with the page for the live show, podfeet.com/live. It wasn’t showing all of the elements of the page. At the top when it’s working properly, you should see a clock that tells you what time it is at my house. It’s not that I’m a narcissist, it’s there because I do the live show at 5pm where I am, so if you go to the page and it’s not live when you think it should be, you can check your time zone math by looking at the clock.

Also not showing was the live video from YouTube, which is essentially the whole point of the live show! I was alerted to the missing elements first by Steve but I assumed it was a problem on his computer, but then the live chatroom confirmed both the clock and video were missing.

I figured out what the problem was fairly quickly. Bart and I worked just a few weeks back to get podfeet.com set up as a secure website, buying a certificate and enabling it through my web host. Right before the live show, I edited the .htaccess page for my web server to give it a permanent 301 redirect so that any time http is requested, go to https instead.

The reason that affected the live show page is because the two elements in question, the clock and the live video, are both embedded http links. In the old days, a browser would put a giant popup on screen to tell you that there were insecure elements on the page, but people just said yes and went on their merry way. Instead, now browsers simply block insecure content on secure pages. Makes a bit more sense, right?

Now of course there’s nothing on podfeet.com that really requires security because you’re not putting your bank account info in anywhere, in fact other than writing text comments, you’re not entering any content at all. However it’s a bit alarming,, say in Chrome when you notice the red X in the url bar saying DANGER! INSECURE CONTENT!

The good news is that the video is pretty easy to fix. Every week Steve copies the embed link from the Hangout on Air into the Live Show page (podfeet.com/live), so now he needs to remember to put an “s” on the end of the http. That’s not a process fraught with danger at all, is it? I hope someone reads or hears this and remembers it for me just in case Steve is out of town at some point and I have to do it!

The clock is a bit more problematic because adding the “s” doesn’t fix it. Bart rubbed his hands together with delight though. He said he’s been searching for the right project for us to program in Programming By Stealth, and he says this would be a perfect thing for us to build! I’m super excited, and have no clue how we’ll even start but I’m sure looking forward to it.

Scroll to top