Skype CDN over SSL - McMap

About

Skype CDN over SSL

Asked 9/5, 2014 at 17:28 Answered 20/5, 2014 at 20:45

Solved javascript jquery html skype

K

1

8

I used to test whether a logged-in user could hit the Skype CDN to determine whether or not to show them UI elements:

https://cdn.dev.skype.com/uri/skype-uri.js

But it seems like, out of nowhere, their CDN just moved (breaking my code) to here:

http://www.skypeassets.com/i/scom/js/skype-uri.js

My page is https and I can change the url above to https a la:

https://www.skypeassets.com/i/scom/js/skype-uri.js

But because there is no valid certificate there I can't connect and the browser doesn't throw the "confirm security exception" message.

What are my options to determine if I can connect to Skype CDN from SSL?

Kawasaki answered 9/5, 2014 at 17:28 Comment(5)

How much of a requirement do you need to test if you can hit the secure version of the site. Why can't you just test for the regular http site? Or is your requirement knowing if you securely connect? – Gracioso 20/5, 2014 at 20:35

@Gracioso because that would mean mixing encrypted and plain HTTP... that would totally miss the point of using https to begin with. A MITM attack could alter one of those JS files and compromise the data. – Unbated 20/5, 2014 at 20:37

@BenjaminGruenbaum hes not trying to run the code I dont think, I think he just is testing access. Not sure – Gracioso 20/5, 2014 at 20:41

@Gracioso it's not about him getting the code, it's about an attacker being exposed to the unencrypted file, letting them change its value if they intercept the connection in the middle and serve users a compromised one instead. That's the problem HTTPS solves for you. – Unbated 20/5, 2014 at 20:42

@BenjaminGruenbaum Just taking a shot by trying think out the box. I was thinking that if the OP didnt actually care at all what the file contained and was simply wondering if they had access to it there might be an alternative solution. After reading about the skype API I see that is not the case, good answer – Gracioso 20/5, 2014 at 20:49

U

5

They were made aware of it by a developer here over a month ago.

To sum it up:

They are now aware of the problem.
They're deploying a fix shortly.
It might still cause issues with Chrome.

Seems like you'll just have to hang tight, sorry.

Here is their full official response:

Hi,

Thanks for posting, URIs are supported by the Skype Developer team and you can find out how to contact us by visiting the contact us page on http://developer.skype.com.

I can confirm that using Skype URIs on secure connections is presently broken. We have identified a fix and hope to deploy it shortly. Its likely, however, that the fix will still not work on newer versions of the chrome browser due to a change in the way it handles iframes launched over secure connections.

Allen Smith

Skype Developer Support

Update

7 months later and they still haven't properly fixed it.

However, that same thread now has a solution (of sorts) in its last comment:

Copy skype-ui.js to your project and replace below code to: this.SkypeClientDownloadUrl = this.httpProtocol + "//secure.skype.com/download"; this.assetPrefix = this.httpProtocol + "//secure.skypeassets.com/i/scom/images/skype-buttons/"; this.analyzeScript = this.httpProtocol + "//secure.skypeassets.com/i/scom/js/" + "skype-analytics.js";

Not pretty by any means, but at least it seems to work.

Unbated answered 20/5, 2014 at 20:45 Comment(1)

@Tomty Thanks this is useful :) Feel free to edit it into this answer or add your own to give it better visibility for future visitors. – Unbated 23/12, 2014 at 12:27

Recommended topics

#Godot #Unity #Godot 4.X #Mongodb

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

© 2022 - 2024 — McMap. All rights reserved.