Skip to main content

IE Security Warning with QuickTime Object tags

By Will Beattie

 

I just received a bug report about the infamous Internet Explorer Security Warning for one of the pages in our application that serves video content over HTTPS.

iesecuritywarning

 

After viewing the source I found the offender which turned out to be the codebase attribute set to http://www.apple.com/qtactivex/qtplugin.cab.

<object id="videoObject" classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" 
            codebase="http://www.apple.com/qtactivex/qtplugin.cab" 
            width="330" height="292"> 
            <param name="src" value="https://securedomain/video.mp4" /> 
            <param name="controller" value="true" /> 
            <param name="autoplay" value="False" /> 
            <param name="scale" value="aspect" /> 
            <param name="cache" value="true"/>
            <param name="saveembedtags" value="true"/>
            <param name="postdomevents" value="true"/> 
               
            <!--[if IE] --> 
            <EMBED name="movie"
                height="292"
                width="330"
                scale="aspect"
                src="https://securedomain/video.mp4"
                type="video/quicktime"
                pluginspage="www.apple.com/quicktime/download"
                controller="true"
                autoplay="False"
            /> 
            <!--[endif]--> 
        </object>

The fix was just to change this to https. https://www.apple.com/qtactivex/qtplugin.cab. 

<object id="videoObject" classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" 
            codebase="https://www.apple.com/qtactivex/qtplugin.cab" 
            width="330" height="292"> 
            <param name="src" value="https://securedomain/video.mp4" /> 
            <param name="controller" value="true" /> 
            <param name="autoplay" value="False" /> 
            <param name="scale" value="aspect" /> 
            <param name="cache" value="true"/>
            <param name="saveembedtags" value="true"/>
            <param name="postdomevents" value="true"/> 
               
            <!--[if IE] --> 
            <EMBED name="movie"
                height="292"
                width="330"
                scale="aspect"
                src="https://securedomain/video.mp4"
                type="video/quicktime"
                pluginspage="www.apple.com/quicktime/download"
                controller="true"
                autoplay="False"
            /> 
            <!--[endif]--> 
        </object>

Fortunately our users have the option of choosing the HTML5 Video player meaning they don’t need to install any 3rd party plugins to view videos.

Labels:

Popular posts from this blog

Freeing Disk Space on C:\ Windows Server 2008

By Will Beattie
  I just spent the last little while trying to clear space on our servers in order to install .NET 4.5 . Decided to post so my future self can find the information when I next have to do this. I performed all the usual tasks: Deleting any files/folders from C:\windows\temp and C:\Users\%UserName%\AppData\Local\Temp Delete all EventViewer logs Save to another Disk if you want to keep them Remove any unused programs, e.g. Firefox Remove anything in C:\inetpub\logs Remove any file/folders C:\Windows\System32\LogFiles Remove any file/folders from C:\Users\%UserName%\Downloads Remove any file/folders able to be removed from C:\Users\%UserName%\Desktop Remove any file/folders able to be removed from C:\Users\%UserName%\My Documents Stop Windows Update service and remove all files/folders from C:\Windows\SoftwareDistribution Deleting an Event Logs Run COMPCLN.exe Move the Virtual Memory file to another disk However this wasn’t enough & I found the most space...
Read more

CPF Contribution Rates for new Singapore Permanent Residents (SPR’s)

By Will Beattie
Recently my wife and I applied and got approved for Singapore Permanent Residency. After completing the formalities the most significant immediate change is the contribution to CPF which is Singapore’s mandatory social security savings scheme requiring contributions from employers and employees. CPF contributions start from the date you obtain SPR status, which is the date of the entry permit.   Being a relentless budgeter I needed to know exactly how much I and my employer would have to contribute so that I could adjust my budget accordingly as the employee contributions get deducted from the monthly salary. After doing some research I discovered that there is a “graduated” approach to CPF contributions for new SPR’s where the contributions gradually increase in the first and second year and then upon reaching the third year are at the full amount. Note: There is an option for employers to contribute the full amount for year 1 and year 2 and the employee can use the gra...
Read more

Serverless Architecture with AWS Lambda, API Gateway, Cloudfront, S3 and DynamoDB

By Will Beattie
  If 2015 saw the rise of Docker Containers & Micro-services then 2016 is undoubtedly going to be about Serverless architecture . Late in 2015 AWS announced a preview of a service called AWS Lambda moving from a pure IaaS provider into the PaaS world with one feel swoop. Now AWS is releasing so many new services and features a week that you may have missed this, but in my opinion it is a game changer and I’m going to try to demonstrate why. What on earth is Lambda? “AWS Lambda is a compute service that runs your code in response to events and automatically manages the underlying compute resources for you.” “When using AWS Lambda, you are responsible only for your code. AWS Lambda manages the compute fleet that offers a balance of memory, CPU, network, and other resources.” Just think about those statements for a second,  In developer terms a Lambda is simply a single function with an input and output, forget microservices this is a nanoservice.  At the time o...
Read more