phantomjs nested iframe bug

72 views
Skip to first unread message

Scott Cytacki

unread,
Apr 28, 2015, 10:37:00 AM4/28/15
to cc developers
I was just looking around our S3 buckets, and found this:
and this

Aaron do you remember these? They were created in May 2014.
They don't currently work probably because of changes to the snapshot server.

Noah was just wresting with something similar, and figured out upgrading phantomjs fixed it. 
It seems like we ran into the same issue a year ago, found a fix, and then forgot about it.

I found this thread on shutterbug-dev from about the same time:

Looking at the links above and the thread it looks like the fix was to snapshot the div instead of the iframe. So I wonder if that would have worked in Noah's recent case as well. 

--
Scott Cytacki
The Concord Consortium

Aaron Unger

unread,
Apr 28, 2015, 11:59:02 AM4/28/15
to cc-dev...@googlegroups.com
After refreshing my memory with the email thread, that issue was that the older version of PhantomJS wasn't compiled against a version of OpenSSL that supported SNI, so it couldn't handle loading our https iframes (since we only support SNI-enabled clients in order to not kill ourselves with Cloudfront costs). By hand-compiling a PhantomJS binary against a newer OpenSSL, I was able to get that to work for ITSI. At the time, we weren't pushing for https in anything else.

I thought I verified that that particular model was still working for me with the shared snapshot server, so I didn't worry about needing to update PhantomJS... But maybe I just didn't test the right case.

Noah, do you know what version of OpenSSL the new version of PhantomJS uses? I'm guessing you're using the new 2.0 that released in January. Given all the OpenSSL bugs that have been found between 3/20/13 and 1/23/15, it wouldn't surprise me if they're using a really recent version.

-- Aaron
--
--
----
post message :cc-dev...@googlegroups.com
unsubscribe: cc-developer...@googlegroups.com
more options: http://groups.google.com/group/cc-developers?hl=en
---
You received this message because you are subscribed to the Google Groups "Concord Consortium Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cc-developer...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Noah Paessel

unread,
Apr 28, 2015, 12:06:46 PM4/28/15
to cc-dev...@googlegroups.com
I had to build the newest version from source, whereas the previous deployment was a prebuilt binary.  So this might also be part of the issue. As part of the build process I did update SSL using `apt-get update && apt-get install -y libssl-dev` 

Here are the SSL packages installed on the snapshot app server:

libssl-dev/now 1.0.1f-1ubuntu2.11 amd64 [installed,local]
libssl1.0.0/now 1.0.1f-1ubuntu2.11 amd64 [installed,local]
openssl/now 1.0.1f-1ubuntu2.7 amd64 [installed,local]



Aaron Unger

unread,
Apr 28, 2015, 12:12:18 PM4/28/15
to cc-dev...@googlegroups.com
Ah, cool. SNI has been supported by OpenSSL since 0.9.8f with a compile flag (Oct 2007!) and 0.9.8j by default (Jan 2009!), but the pre-built PhantomJS binaries were using older versions than that. And some of our servers were old enough to not even have packages that new (otto, seymour, more probably).

Did you try the latest pre-built binary? Or was that just not feasible?

-- Aaron

Noah Paessel

unread,
Apr 28, 2015, 12:14:40 PM4/28/15
to cc-dev...@googlegroups.com
Yeah, they don't have a pre-built binary for Phantom 2.0 for linux at the moment.  


Aaron Unger

unread,
Apr 28, 2015, 12:23:41 PM4/28/15
to cc-dev...@googlegroups.com
Hehe. I guess that's what I get for not looking that closely. I saw the zip packages for Windows and Mac and concluded there had to be one for Linux, too. :/
Reply all
Reply to author
Forward
0 new messages