Details
-
Type:
Improvement
-
Status: Done/Fixed
-
Priority:
Major
-
Resolution: Fixed/Completed
-
Affects Version/s: 4.5, 4.6
-
Fix Version/s: 4.7
-
Component/s: None
-
Labels:None
-
Documentation Required?:None
-
Funding Source:Contributed Code
Description
Since Firefox Version 23 (or so), OpenStreetMap didn't work any more as a mapping provider in my environment. The reason is: Since that version, Firefox (as well as most of the other browsers) blocks active content loaded from http sites, when called from an https site.
So, as CiviCRM should run on https, but calls the mapping script from http://openlayers.org/api/OpenLayers.js (without http"s"), this browser option prohibits the OpenStreetMap from being displayed.
As a workaround, the default browser option can be changed, to allow the usage of active content (about:config > security.mixed_content.block_active_content = false) - but this creates a security issue which enables man-in-the-middle attacks. And better should not be used by default.
A simple solution would have been to call the OpenLayers script via https. Unfortunately, this seems not to be available. However, for security reasons, we should try to fix this. Any ideas?