Modals and modal content with HTTPs

[Marco DeLuca]

Hi again,

So I'm gonna pile like 4 variables into one issue here:)

HTTPS, AOI running as a subdirectory, Relative Paths, and Public Assets. Here's the story:

I was never able to get passenger working, so I'm using Thin and Apache ProxyPass. Not ideal, but 10 hours of trying to figure out ruby, rails and gems is about all I can muster. Anyway, since we are running this in a subdirectory, I've had to include a little fix for the relative url, otherwise none of the public assets were loading. The fix was this: config.action_controller.relative_url_root = '/path/approot'

Now, that fix caused 2 issues that I've found so far. Toggling answers on/off in application.js had a hardcoded link that needed to be updated. That was easy. The other I havent been able to figure out yet. Bootstrap's modal, or ajax content whichever, is causing issues with loading unsecure (HTTP) content over HTTPS: Blocked loading mixed active content "http://mysite.com/subdir/choices/12"

Can you direct me to where I can fix that? Or, do you have a better suggestion for how to deal with HTTPS?

[Luke Baker]

Are you doing SSL termination in Apache and proxying to Thin? If so,
you'll want to be also setting the 'X-Forwarded-Proto' HTTP header to
'https' in the request that proxies to Thin. This tells Rails that it
should generate https links instead of http links. Something like this
in your virtualhost configuration should do the trick:

RequestHeader set X-Forwarded-Proto "https"

Hope that helps,

Luke

> --
> You received this message because you are subscribed to the Google Groups
> "All Our Ideas" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to allourideas...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.

[Marco DeLuca]

I'll have to play around with that. There's definitely a bunch of stuff, on the results page: Blocked loading mixed active content "http://www.google.com/jsapi" etc. Thanks Luke.

[Luke Baker]

Marco,

We gladly accept pull requests in GitHub. If you figure out the proper
changes that'll work for both HTTP and HTTPS, we'd love to see a pull
request so we can integrate these changes into the primary code base
for everyone to benefit. Thanks!

Luke

[Marco DeLuca]

Hi Luke,

We've got a group of guys working on this right now. The question is, WHAT are we going to produce. We're dealing with a bunch of issues:

• Integrating AOI into a PHP application (CMS really) that extends functionality or fits into custom workflows
• Quick and easy deployment of AOI on Apache systems, as addon domains, subdirectories, maybe deployable with cPanel, who knows
• Improving the pairwise-api code - right now, I get too many repetitions
• Dealing with the fallout from customization – like HTTPs which is a bit of a nightmare.

At the end of the day, our work will make it back out to the community, but the question is in what form. Ruby/rails just isnt our core competency and at this point, my brain can't handle another framework:) There's a good chance that we're going to move away from the AOI rails app and build our own interface, but continue using pairwise-api and redis. So there may be more forking than anything else.

[Matthew J. Salganik]

Hi Marco,

We totally understand that you are dealing with many issues. Any bugs that you can report are a great help, and pull requests on github are even better. If you can submit some pull requests, we would be happy to write a blog post about your contribution. For example, here's a blog post about some contributions made by Vitor Baptista: http://blog.allourideas.org/post/30325590065/thank-you-vitor

Without these contributions, and the contributions of others, your installation experience would be even worse :)

Good luck,
Matt

> --
> You received this message because you are subscribed to the Google Groups "All Our Ideas" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to allourideas...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.

---------
Matthew Salganik
Department of Sociology
Princeton University (on leave)
& Microsoft Research New York City
http://www.princeton.edu/~mjs3

[Marco DeLuca]

Problem is I dont really think they are bugs so much as the challenges of dealing with ruby and rails with various environments (CentOS, cPanel, etc). So far, I dont think I've found any bugs. I've found many places that we could improve flexibility in terms of making this easier to customize and adapt to different environments.

Really the only "complaint" so far in terms of existing features is the # of repetitions we get on pairwise-api. We're going to work on that shortly. We're just discussing the merits of different options, like: Not seeing the same pair ever (so 1 vote per pair period) or not seeing the same pair until all other pairs have been seen, etc. 

Statistical viability, identity authentication and personal security – so stuff like that. But those are all new features or enhancements. So... no bugs yet:)

[Matthew J. Salganik]

OK, thanks for clarifying Marco. 

As far as selecting the pairs, right now we are doing sampling with replacement, but I could see the argument for sampling without replacement.  Also, depending on what changes you make to pair selection algorithm, these might require changes in the way that the score is calculated; these two operations are closely linked.  

Take care,

Matt

--
You received this message because you are subscribed to the Google Groups "All Our Ideas" group.
To unsubscribe from this group and stop receiving emails from it, send an email to allourideas...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.