TinyMCE4 - Problems on deployed site

[Danny]

Hi all,

I'm hoping someone can either replicate my issue or help me debug it.

Using Mezzanine master (as of 23/7/15), on my deployed site, I can't select an image from the Media Library to insert it into a page when Inserting/Editing an image.
This is editing via the main site's Yellow EDIT buttons, not on the admin side. (on the Admin side, it works)

i.e. this button:
 

The javascript error shown in the Firebug console is "Error: Permission denied to access property "tinymce" on FB_TinyMCE4.js line 4, col 8

That script is, with line 4 in bold:
var FileBrowserDialogue = {
    fileSubmit : function (FileURL) {
        parentWin = (!window.frameElement && window.dialogArguments) || opener || parent || top;
        tinymce = tinyMCE = parentWin.tinymce;
        self.editor = tinymce.EditorManager.activeEditor;
        self.params = self.editor.windowManager.getParams();
        parentWin.document.getElementById(self.params.input).value = FileURL;
        self.editor.windowManager.close(parentWin);
    }
};

The same actions work perfectly fine when running development/DEBUG=True.

The other problem that still persists in Mezzanine 4 (and has been around for a while, even with earlier TinyMCE versions), is that the Insert/Edit Link dialog does not pop up if editing a Page on the Admin side - I suspect this is because it is behind https/SSL here, and something is going wrong there.

The error given in Firebug is "Blocked loading mixed active content "http://mydomain.com/displayable_links.js""
Is there a workaround for loading the Filebrowser/TinyMCE content when behind https?

There used to be an issue with the 'asset_proxy' prefix that could be solved by substituting the SLL Middleware, but I don't think that's the smart thing to do.

These two are possibly the last hurdles I need resolved before upgrading my site to Mezzanine 4.

Seeya. Danny.

--
Danny Sag
Chairperson
Round World Events SA, Inc
City of Small Gods Terry Pratchett Fan Club - http://cityofsmallgods.org.au

Nullus Anxietas VI - The Australian Discworld Convention - http://ausdwcon.org
"The Discworld Grand Tour" - Adelaide SA, August 4-6, 2017

[Danny]

I'm now convinced that both of my issues are https/SSL related.

The media library image select works under https but not http, because the Media library browser is under the /admin path (which is https)
The insert/edit link box relies on displayable_links.js which is http, so it works through the 'front' side but not under admin.

Has anyone managed to get this working on a site with SSL enabled for the /admin path?

Seeya. Danny.

[Danny]

Replying to myself again...

I thought I'd try this with a brand new site, using the latest Mezzanine/Cartridge stuff from master prior to the 4.0.1 release.

BTW... it's still a problem :D

Setup steps:
1. mezzanine-project -a cartridge mez401

2. Edit requirements.txt to be:
git+git://github.com/stephenmcd/grappelli-safe.git
git+git://github.com/stephenmcd/filebrowser-safe.git
git+git://github.com/stephenmcd/mezzanine.git
git+git://github.com/stephenmcd/cartridge.git

3. Edit mez401/settings.py, uncomment the SSLRedirectMiddelware line

4. Edit mez401/local_settings.py, set up FABRIC dictionary to deploy to my vagrant VM

5. fab all

Hooray, deployment works, and I can visit the site and log in to admin.

6. Admin->Settings, set Enable SSL to true.

Now, to test the TinyMCE issues:

On Admin side, create a new page, select some text, click the "Insert/Edit Link" button... nothing happens (no popup)

Upload some pictures to the Media Library

On main site, edit a page using yellow EDIT button, click the "Insert/Edit Image" button.

Dialog pops up, click browse button (folder/magnifying glass) next to Source

Next screen pops up saying "Select image to insert" but the rest of it is blank - I'm not even seeing the Media Library browser here.

Browser debug console has the error message: "Load denied by X-Frame-Options: https://33.33.33.33/admin/media-library/browse/?pop=5&type=image does not permit cross-origin framing. <unknown>"

Can anyone help please?

Surely this is a standard setup for most websites? (admin, shop etc under https and the main site not) Can we get this fixed before the 4.0.1 release?

Thanks,

Seeya. Danny.

[Josh Cartmell]

Hey Danny I'm not too sure what's going on, but is your site actually serving from an IP address like 33.33.33.33?  Is there some sort of mixture of ip and domain[s]?

--

You received this message because you are subscribed to the Google Groups "Mezzanine Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-use...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Danny]

On 25/07/2015 1:04 AM, Josh Cartmell wrote:

Hey Danny I'm not too sure what's going on, but is your site actually serving from an IP address like 33.33.33.33?  Is there some sort of mixture of ip and domain[s]?

Hi Josh,

Yes, 33.33.33.33 is the host-accessible IP of my vagrant VM, and it's what I've got in ALLOWED_HOSTS (and the nginx.conf file), so I don't think it's the IP that's the problem. For vagrant deployment, I'm not using a hostname.

Relevant line from my Vagrantfile: config.vm.network "private_network", ip: "33.33.33.33"

Seeya. Danny.

[Danny]

On 11/11/2015 7:02 AM, Cody Pettit wrote:

Hi Danny,

Did you ever figure out what your issue was/is? We are facing a similar issue.

We can't select an image from the Media Library to insert into a page (or form). It's not even working for us in development with DEBUG = True.

We can, however, select and insert an image into a Gallery Page. 

The image/button needed to select and insert an image just isn't there when we are trying to insert into a page/form.

Mostly, the issue is accessing parts of the site across the HTTP/HTTPS boundary. If you  have HTTPS enabled for the admin side of things,
then accessing the Media Library when editing on the HTTP site doesn't work, and if you're editing in the Admin side, you can't get the Link List of pages because it's under a HTTP URL.

My overall solution was to make my entire site HTTPS... not elegant, I know, but probably better in this security conscious world :)

If you do go down this route, I found this page quite useful in setting up my nginx configuration to ensure all avenues are taken care of:
https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html

Seeya. Danny.

Appreciate any help!

Thanks,

Cody

[Cody Pettit]

Hi Danny,

Did you ever figure out what your issue was/is? We are facing a similar issue.

We can't select an image from the Media Library to insert into a page (or form). It's not even working for us in development with DEBUG = True.

We can, however, select and insert an image into a Gallery Page. 

The image/button needed to select and insert an image just isn't there when we are trying to insert into a page/form.

Appreciate any help!

Thanks,

Cody

[Iain Mac Donald]

On Wed, 11 Nov 2015 07:07:29 +1030
Danny <mol...@gmail.com> wrote:

> My overall solution was to make my entire site HTTPS... not elegant,
> I know, but probably better in this security conscious world :)

and don't forget ranking:
http://googlewebmastercentral.blogspot.co.uk/2014/08/https-as-ranking-signal.html

--

Regards,
Iain.

[Wim Feijen]

Actually, it is insecure to have part of your website https secured and part not, because cookies can easily be intercepted. So it's always a good idea to secure the whole site.