Return to Project-GC

Welcome to Project-GC Q&A. Ask questions and get answers from other Project-GC users.

If you get a good answer, click the checkbox on the left to select it as the best answer.

Upvote answers or questions that have helped you.

If you don't get clear answers, edit your question to make it clearer.

+2 votes
595 views
After implementing a link to the PGC challenge checker in c:geo (available in current nightly builds) I have recognized the checker is not working on the opened page.

While digging deeper I think it is caused by the fact that we call the site with https like this:
https://project-gc.com/Challenges/GC3RG33

If you use that link and execute the checker an error is shown.

Calling http://project-gc.com/Challenges/GC3RG33 it works normal.

Link to c:geo bugracker:

https://github.com/cgeo/cgeo/issues/6224

We could implement a workaround to call http instead, however I think it should be fixed anyway on PGC.
Please kindly tell us (in the linked issue) how to proceed.

Thanks,

Lineflyer
c:geo team
closed with the note: Solved
in Bug reports by Lineflyer (4.5k points)
closed by Lineflyer
The problem is that the request from page loaded over HTTPS goes over HTTP to

    http://lua2.project-gc.com/ajax/challenges.php

and it is blocked by the browsers these days, as considered insecure:

    Blocked loading mixed active content “http://lua2.project-gc.com/ajax/challenges.php”[Learn More]

and therefore it fails. Problem is, that the above domain is not accessible using HTTPS (browser throws security error), which should get fixed.

1 Answer

+2 votes
As Jakuje mentions, the problem is that the web browsers denies access to http pages when the user requested a https page. For chrome this can be changed in the right side of the location bar when it happens. Quite similar to when a popup is denied.

We do have a fix for this specific mixed content issue in our development environment, but it hasn't been tested yet. Our development environment doesn't execute LUA scripts in the same way as the production servers does. In other words, to be sure it works will have to release it to test it, that might happen next week.
by magma1447 (Admin) (241k points)
It's not only related to the challenge checkers, it's also happens e.g. at https://project-gc.com/Tools/MapHiddenMonth
Just tell us when the change is done and I will test it based from c:geo.
@storc I don't see any related issue with that page.

@Lineflyer: An incomplete fix was released yesterday. An adjustment of the httpd that I just did made it work. It should work now...
@ganja1447 it's not related to Challenges, but it has the same HTTPS page with HTTP (unsafe-)scripts problem.
@storc We have a patch in our development environment that will solve at least that page. We have found two JS script that didn't follow the protocol used. One being related to ads (which most would just appreciate), the other related to a map plugin. Expect a release later today.
Seems to work now. Can you confirm?
@ganja1447 thanks, it's working now
...