Skip to main content

IE Security Warning with QuickTime Object tags

 

I just received a bug report about the infamous Internet Explorer Security Warning for one of the pages in our application that serves video content over HTTPS.

iesecuritywarning

 

After viewing the source I found the offender which turned out to be the codebase attribute set to http://www.apple.com/qtactivex/qtplugin.cab.

<object id="videoObject" classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" 
            codebase="http://www.apple.com/qtactivex/qtplugin.cab" 
            width="330" height="292"> 
            <param name="src" value="https://securedomain/video.mp4" /> 
            <param name="controller" value="true" /> 
            <param name="autoplay" value="False" /> 
            <param name="scale" value="aspect" /> 
            <param name="cache" value="true"/>
            <param name="saveembedtags" value="true"/>
            <param name="postdomevents" value="true"/> 
               
            <!--[if IE] --> 
            <EMBED name="movie"
                height="292"
                width="330"
                scale="aspect"
                src="https://securedomain/video.mp4"
                type="video/quicktime"
                pluginspage="www.apple.com/quicktime/download"
                controller="true"
                autoplay="False"
            /> 
            <!--[endif]--> 
        </object> 

The fix was just to change this to https. https://www.apple.com/qtactivex/qtplugin.cab.

<object id="videoObject" classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" 
            codebase="https://www.apple.com/qtactivex/qtplugin.cab" 
            width="330" height="292"> 
            <param name="src" value="https://securedomain/video.mp4" /> 
            <param name="controller" value="true" /> 
            <param name="autoplay" value="False" /> 
            <param name="scale" value="aspect" /> 
            <param name="cache" value="true"/>
            <param name="saveembedtags" value="true"/>
            <param name="postdomevents" value="true"/> 
               
            <!--[if IE] --> 
            <EMBED name="movie"
                height="292"
                width="330"
                scale="aspect"
                src="https://securedomain/video.mp4"
                type="video/quicktime"
                pluginspage="www.apple.com/quicktime/download"
                controller="true"
                autoplay="False"
            /> 
            <!--[endif]--> 
        </object> 

Fortunately our users have the option of choosing the HTML5 Video player meaning they don’t need to install any 3rd party plugins to view videos.

Comments

Popular posts from this blog

Freeing Disk Space on C:\ Windows Server 2008

I just spent the last little while trying to clear space on our servers in order to install .NET 4.5. Decided to post so my future self can find the information when I next have to do this. I performed all the usual tasks: Deleting any files/folders from C:\windows\temp and C:\Users\%UserName%\AppData\Local\TempDelete all EventViewer logs Save to another Disk if you want to keep themRemove any unused programs, e.g. FirefoxRemove anything in C:\inetpub\logsRemove any file/folders C:\Windows\System32\LogFilesRemove any file/folders from C:\Users\%UserName%\DownloadsRemove any file/folders able to be removed from C:\Users\%UserName%\DesktopRemove any file/folders able to be removed from C:\Users\%UserName%\My DocumentsStop Windows Update service and remove all files/folders from C:\Windows\SoftwareDistributionDeleting an Event Logs Run COMPCLN.exe Move the Virtual Memory file to another disk However this wasn’t enough & I found the most space was cleared by using the Disk Cleanup to…

Consuming the SSRS ReportExecutionService from a .NET Client

I’ve just finished writing a nice wrapper which internally calls the SSRS ReportExecutionService to generate reports.
Whilst it was fairly simple to implement there has been some major changes between 2005 and 2008 and the majority of online and documentation is based on the 2005 implementation. The most important change is that the Report Server and Report Manager are no longer hosted in IIS which will be a welcomed change to Sys Admins but makes the security model and hosting model vastly different. So far I’ve yet to figure out how to allow Anonymous Access, if anyone knows how to do this leave a comment and it will be most appreciated. Getting StartedTo get started you’ll want to add a service reference to http://localhost/ReportServer_SQL2008/ReportExecution2005.asmx where ReportServer_SQL2008 is the name you configure in the Reporting Services Configuration Manager. The Web Application files are located in C:\Program Files\Microsoft SQL Server\MSRS10.SQL2008\Reporting Servic…

Implementing Custom Castle Windsor Facilities

If you’ve been following my posts you would know that I love Castle Windsor. One of the many useful features I have found is the Facility and I’m going to try and give a good example how you can make use of this. In a recent post I showed how you can add Cross-Cutting concerns to your application by using Interceptors.Now when configuring the Container you can explicitly configure each Interceptor per Service but when you have lot’s of components it can get pretty hard to maintain after a while and can also introduce subtle issues if someone forgets to configure it correctly.Below is how you would configure your Container without using a Facility. On the last line we are specifying the Interceptor explicitly. public void Configure() { container = new WindsorContainer(); container.Register( Component.For<CacheInterceptor>(), Component.For<ICacheProvider>() .ImplementedBy<WebCache…