Uppy: Transloadit requesting Insecure Resource

Created on 2 Sep 2018 · 4Comments · Source: transloadit/uppy

I just deployed a simple application which allows users to upload a video which is then wrapped in a device image. It's powered by Uppy and Transloadit. 🤘🏻However, I noticed that when the application moves from uploading to processing, a security badge showed up on my Google Chrome address bar. I checked the console logs and here's what I found:

Mixed Content: The page at 'https://www.mock.video/' was loaded over HTTPS, but requested an insecure resource 'http://api2.jaying.transloadit.com/assemblies/49fbd320aec911e887a3cb4eb892acc6'. This request has been blocked; the content must be served over HTTPS.

It would seem like Uppy/Transloadit is trying to check the status of the assembly but is calling the non ssl domain instead of HTTPS. I tried manually providing the service url to the Transloadit configuration but that didn't seem to resolve things:

service: 'https://api2.transloadit.com'

Research into the code doesn't really reveal any errors.

The application actually completes the task fine but I would love to resolve this issue and also understand why or prevent Uppy from pinging the non secure url. Thanks for your help!

Transloadit

Source

leemartin

All 4 comments

Thanks for the report! Looks like I've used Transloadit's assembly_url instead of assembly_ssl_url parameter somewhere by accident.

goto-bus-stop on 3 Sep 2018

👍1

I just deployed a simple application which allows users to upload a video which is then wrapped in a device image. It's powered by Uppy and Transloadit. 🤘🏻

That looks really awesome Lee! Can't wait to try it out once this problem is solved / you updated to the latest version :) Also if you run into anything else I'd love to assist to get this on the road quickly for you.

/cc @goto-bus-stop will we get a release with this fix soonish?