1

I have an HTTPS-enabled site, and I use a JavaScript/HTML5 audio plugin to stream MP3 there. Chrome and other browsers are blocking the streaming URL as insecure content. The user needs to ALLOW BLOCKED CONTENT manually.

My Site : https://www.domain.com
Streaming URL : http://100.160.240.230:8000/high

Javascript code snippet :

<script type="text/javascript">
$(document).ready(function () {
    // Plain-HTTP stream: loaded from the HTTPS page, this is the mixed content
    var stream = { mp3: "http://100.160.240.230:8000" },
        ready = false;
    $("#jquery_jplayer_1").jPlayer({
        ready: function () {
            ready = true;
            $(this).jPlayer("setMedia", stream).jPlayer("play");
        },
        pause: function () { $(this).jPlayer("clearMedia"); },
        error: function (event) {
            if (ready && event.jPlayer.error.type === $.jPlayer.error.URL_NOT_SET) {
                $(this).jPlayer("setMedia", stream).jPlayer("play");
            }
        },
        solution: "flash, html", swfPath: "/player/flash/player.swf", supplied: "mp3"
    });
});
</script>

Is there any way to solve it without having a secure streaming URL? I really can't manage a secure streaming URL now.

2 Answers

0

By using https, you display a green lock to your visitors.

If you want to make an HTTP request, it means you want to lie to your visitors.

Don't do that. (And browsers will stop you or remove the green lock for the same reason; this is called mixed content.)

Tom
  • @deceze It's not secondary, it's the only way for them to know it's secure. When you have a form asking for passwords, if the webpage displays a lock, it's probably secure; if it doesn't, maybe the iframe or ajax request is secure, but you can't know. – Tom Feb 15 '16 at 09:23
  • Yeah, the lock is a *visual indication* that the site is secure. But without actual security it would be pretty pointless. HTTPS gives you *security* first, and mixing in an HTTP connection would undermine that security. Talking about a visual indicator without backing that with any real information about why that lock is there at all is a bit simplistic. – deceze Feb 15 '16 at 09:25
  • @deceze Yes (And apparently some people don't care much about the security of their users...) – Tom Feb 15 '16 at 09:27
0

As @deceze mentioned, once you commit to HTTPS, there is no way browsers will allow you to display mixed content. If you are willing to buy a domain or create a subdomain (cheap, I guess), then:

  1. Point your server to that domain.
  2. Use services like Cloudflare, who give you https (free). https://www.cloudflare.com/plans/.

So all the info being passed through will be from Cloudflare HTTPS servers, and you won't get those mixed content warnings.

I am assuming that the IP is publicly accessible.

Hope that helps!

Jeremy Rajan
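
A pre-deployment check for the situation in this thread, as an added example that is not part of the original posts: it lists the plain-HTTP URLs an HTTPS page references and rewrites each one to an HTTPS front end, as the second answer proposes. The function names, the sample page and the hostname `stream.example.com` are assumptions constructed for illustration.

```javascript
// Added example (not from the original thread). Heuristic scanner: it reads
// markup and inline script text as a string; it does not execute the page.

// Loopback origins are potentially trustworthy per the W3C Secure Contexts
// spec, so they are skipped.
const LOOPBACK = /^(localhost|127(\.\d{1,3}){3}|\[::1\])$/i;

// Return the distinct plain-HTTP URLs an HTTPS page would load.
function findMixedContent(pageUrl, html) {
  // Mixed content only exists when the embedding page itself is HTTPS.
  if (new URL(pageUrl).protocol !== "https:") return [];
  // <a href> is navigation, not a subresource load, so drop anchor tags first.
  const body = html.replace(/<a\s[^>]*>/gi, "");
  const found = new Set();
  for (const m of body.matchAll(/http:\/\/[^\s"'<>]+/gi)) {
    let url;
    try { url = new URL(m[0]); } catch (e) { continue; } // skip malformed matches
    if (!LOOPBACK.test(url.hostname)) found.add(url.href);
  }
  return [...found];
}

// Rewrite an insecure URL to its HTTPS front end (the second answer's approach).
// hostMap maps "host:port" of the HTTP origin to the TLS-terminating hostname.
function toSecureUrl(insecureUrl, hostMap) {
  const url = new URL(insecureUrl);
  const front = hostMap[url.host];
  if (!front) return null; // no HTTPS front configured: still mixed content
  return "https://" + front + url.pathname + url.search;
}

// Constructed sample: the question's page, reduced to the lines that matter.
const SAMPLE_PAGE = `
<a href="http://example.org/about">About</a>
<script>
  var stream = { mp3: "http://100.160.240.230:8000/high" };
</script>
<img src="https://www.domain.com/logo.png">`;

// Hypothetical mapping: stream.example.com stands in for the new (sub)domain.
const HOST_MAP = { "100.160.240.230:8000": "stream.example.com" };

for (const u of findMixedContent("https://www.domain.com/", SAMPLE_PAGE)) {
  console.log(u, "->", toSecureUrl(u, HOST_MAP));
}
```

Run over the built page in CI, a non-empty result from `findMixedContent` is the signal that visitors will see blocked content or lose the lock.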