laura — 2014-05-20T03:43:28-04:00 — #1
Continuing the discussion from Make own TeachingKit:
Hi @jeffmason! Sorry for the frustrations, let's see if @brett (knows Webmaker inside and out) @toolness (superstar dev) or @chadsansing (uses Thimble extensively in his own classroom) have some ideas for you.
toolness — 2014-05-20T05:41:02-04:00 — #2
Hey @jeffmason! For security reasons, the preview area is an
<iframe> hosted on an entirely separate domain, at
mozillathimblelivepreview.net. So your IT folks will want to whitelist that too, and likely also
*.makes.org, as that's where your students' makes will be hosted once they're saved.
shelleyvadams — 2014-05-20T07:51:31-04:00 — #3
@jeffmason You can also use the RequestPolicy Firefox add-on to see the domains used for cross-site requests.
By setting the "Default Policy" preference to
Block requests by default. (For advanced users. Breaks many websites.)
you can use it to simulate how the school's heavy filtering will impact individual Webmaker projects, which may fetch images, stylesheets, fonts, etc. from various domains.
jeffmason — 2014-05-20T07:58:26-04:00 — #4
Thanks for the discussion help @laura and the tech information @toolness, I will get these domains to IT today. Thanks, too, @ShelleyVAdams. I figured this was happening. It s good to know that there is a tool (Request Policy) to help me shed some light on what information I can send to IT (blasted filters). I have one more class, Friday, before the end of the year. I am optimistic that it will work just fine.
chadsansing — 2014-05-20T09:50:28-04:00 — #5
@jeffmason I am happy to see solutiuons abound! My first bit of advice would have been to do exactly what you did in getting the first (and second) domain white-listed. Once in a while, a coding error or call to an 'http' rather than 'https' asset, like an external stylesheet or script, will also blank the preview plane until the bug is fixed or an 'https' is put in place of 'http.'
jeffmason — 2014-05-20T10:27:00-04:00 — #6
I sent the new domains to IT this morning and they have been whitelisted. I've logged in to a student workstation and everything appears to be in good working order. Yeah! and thanks to all. I will document these domains for the time being. When I return in the Fall I may have to repeat the process.
karensmith — 2014-05-20T14:31:00-04:00 — #7
Big shout out to @jeffmason and everyone having this conversation in the open. This is a problem many have and will face!
dougbelshaw — 2014-05-21T05:44:38-04:00 — #8
Agreed, thanks for raising this @jeffmason. I'll point the Webmaker product team towards this as it's something that should be documented on the site itself.
Update: I filed a bug. You can add yourself to the 'cc' list at the top-right if you want to get updates on its progress! https://bugzilla.mozilla.org/show_bug.cgi?id=1013858
dougbelshaw — 2014-05-22T11:41:38-04:00 — #9
OK, @brett has suggested we create a SUMO* article for this. I wonder if @jeffmason, @toolness, @ShelleyVAdams, @laura and @KarenSmith would be up for helping with that?
* SUMO is short for 'SUpport MOzilla'
karensmith — 2014-06-05T09:25:13-04:00 — #10
I don't have the domain knowledge here but I started an etherpad if people want to insert steps they've taken to overcome this. https://etherpad.mozilla.org/sumo-whitelist
The etherpad is also linked from the bug.
dougbelshaw — 2014-06-09T05:36:01-04:00 — #11
Thanks @KarenSmith. I'm not in a position to test either (not behind institutional firewall) but happy to help shepherd if people jump in.