+2
Answered

Sitepal Avatar use within an HTTPS environment

Justin 13 years ago in SitePal Platinum updated by Gil Sideman 8 years ago 16
How can I use Sitepal Avatars within a secure environment? HTTPS over port 443? We have an application that allows for clients to log into our system and on their own page, see an avatar. the problem we have is that now when they log in, and see the avatar, the box states that the avatar is not secure and poses a security threat. how can we make the avatar come over a secure port? or , can we host the avatar's on our own local servers?
features
Hi Justin -

Yes - the SitePal avatar can be embedded in secure pages
when you grab the embed code from your "publish" section, turn ON the checkbox "Secure Protocol (HTTPS)".

You will need to copy paste the embed code again.

That's it - should work without any security alerts.

Let me know how goes.
Regards,
Gil
SitePal Team

Gil,

Thanks for the post, however it's not working that way for me. Have a look at https://www.HinshawsChevelle.com. Please advise. FYI - I have already submitted two support tickets and have received no answer. Thanks.

I'm looking at a similar problem. The only difference in the embed code seems to be http vs. https. Even when I use https, I see that there are a couple of files which use http:

http://www.sitepal.com/setCookie.php?...
http://www.sitepal.com/crossdomain.xml

The inclusion of these sites cause Chrome (and perhaps other browsers) to label the site as not secure.

What am I missing? Is there a way for your code to access this content via https?
John -
Sounds like you are doing things right. Might be a problem on our end.
I referred this to engineering; we will look into it Monday morning and get back to you.
Regards
Gil
SitePal Team
Gil,
Thanks. I'm looking forward to learning if this is something that you can correct. Let me know if I need to make a change.
-John
+1
John -
Looks like a bug on our end - this may take a few days to clear up, test and deploy. Thanks for your patience.
Gil
Thanks Gil.
Let me know when it's deployed and I'll do some QA on our site as well.
-John
Hi Gil,
Any update on the status of this bug?
Thanks,
John
John -
The fix is in QA review. May take another day or two before it is deployed.
Gil
Hi Gil,

Now I'm seeing that a file fails to load:

Failed to load resource
https://www-vd.sitepal.com/crossdomai...

In another browser it shows:

"NetworkError: 502 Bad Gateway - https://www-vd.sitepal.com/crossdomai..."

Let me know if you need more information.
Perhaps the URL is not meant to include "-vd".

Seems that https://www.sitepal.com/crossdomain.xml works.
Hi John -
Thanks for pointing this out.
This is indeed an incorrect link pointing to our development environment - which was deployed by mistake - as part of a fix to this very problem.

We will deploy an updated fix first thing tomorrow.
Thanks for your patience.
Gil
John - this should be resolved now.
you may need to clear your browser cache.
Let me know if you are still seeing a problem.
Gil
Gil. This looks good now. Appears that all of your connections are now HTTP. Thanks for the help.

Hi, I'm trying to change the background on my avatar using the information from http://www.oddcast.com/support/setBackground.html. However, my site uses https and I get an mixed content error. In my Publish window, I only see the HTTPS option if I choose "Web Page (No Javascript)", but this option will not allow me to interact with the avatar using the JS library. Am I missing something?

Hi Kofi -

Before you do anything else, please grab a fresh copy of the embed code from your account.

This will ensure you use the new html5 characters (not Flash)

Here is the equivalent example in HTML5 - for your reference.

http://www.oddcast.com/support1/setBackground.html


Any special reason you would need the "No Javascript" option? That option is intended only for pages where JS is forbidden, and it displays the (old) Flash version of the character. That said, it should still function on http and https (there is a checkbox to select which one you want)

I strongly recommend to Grab the "Standard Web Page" embed code for best results.

Hope this helps. Let me know how goes.

Gil