Sign in to follow this  
Followers 0
JohnK

Playground Security Blocks <script> Appending

4 posts in this topic

From today I am getting a  Blocked loading mixed active content message whenever the page uses an external url and

var s = document.createElement("script");
s.src = url;
document.head.appendChild(s);

This affects a number of PGs including, among others, Jerome's dynamic terrain PGs. This seems to be because the playground is now delivering all pages using https. Is this a recent change?

When this happens the PG can be unblocked using the lock icon next to the PG address. This is annoying.

If security demands https  then in future all demonstrations of new functions will require the direct placement of the new functions as code within the PG editor,

Can this decision to deliver all PG pages by https be reversed or are security concerns such that delivery for all PGs must now use https?

 

Share this post


Link to post
Share on other sites

Hello John,

if you are in https mode, the best option is to load your urls from a https source as well: https://www.babylonjs-playground.com/#12CWQQ#52

Script appending is not blocked but https requires to load data from https only.

 

We moved to https because the web is clearly moving to https as a whole. Google gives you better SEO if you are on https for instance

 

Share this post


Link to post
Share on other sites

Ok, I probably will need to had some Let's Encrypt certificate to my own site then.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.