Web browser security has increasingly placed an emphasis on preventing users from accessing HTTPS sites which include insecure HTTP content, known as mixed content, so that potentially sensitive information is not sent in the clear from an otherwise secure page. This article outlines how to stop this situation from arising on the ESS player.
EchoSystem customers using mixed content security protocols, where Application Network Settings for the EchoSystem Server are set to "HTTPS for App/HTTP for Content" with or without the "Reverse Proxy" option may experience problems with playback.
When following a link to access an Echo or EchoCenter page from an LMS, content from the ESS may be loaded in a frame. If protocol security (i.e., SSL/TLS) is enabled for the LMS but not for the ESS, the browser may display a security warning and/or refuse to render the content.
- Change the Application Network Settings for the ESS to "All HTTPS" or "HTTPS with Reverse Proxy." If you are using the "Reverse Proxy" option to serve on privileged ports, make sure the port numbers shown on the page are correct before saving changes.
- If you are running an external Web server, ensure the proper SSL certificates are installed there. To avoid certificate validation warnings, use a trusted certification authority.
- Restart the ESS service.
Any content links that have already been published or distributed will no longer be accurate. You will need to republish or redistribute them all in order for those links to function normally.
- For EchoCenter publishing this can be accomplished by editing and saving the publisher in the ESS web UI.
- Systems that use LTI cartridges will need a new cartridge generated with the correct service URIs.
- For Blackboard individual link publishing or RSS feeds,the publishers must be removed and then added again to any affected sections.