Tell me more ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 0 down vote favorite

I'm trying to load a 3rd party library (specifically YUI2, to handle drag-and-drop) in a G+ Hangout app that I'm developing.

It's just included at the top of the HTML file:

<script type="text/javascript" src="http://yui.yahooapis.com/combo?2.9.0/build/yahoo-dom-event/yahoo-dom-event.js"></script>

When run, Hangout refuses to load it, citing:

[blocked] The page at https://[app url] ran insecure content from http://[YUI2 url]

I'm assuming it's because Google's serving the app and the hangout through HTTPS, while the library's only going through HTTP, and it doesn't like mixing the two. The question is, how do I work around this? I don't want my users to have to change their settings to use my app, and I'd prefer to use Yahoo's host of the library rather than mirror it myself.

share|improve this question

1 Answer

up vote 1 down vote accepted

Your assumption is correct. You need to embedd this script over HTTPS.

Yahoo does not offer SSL support on their CDN. Read why.

You may use the google CDN:

https://ajax.googleapis.com/ajax/libs/yui/2.9.0/build/yahoo-dom-event/yahoo-dom-event.js

share|improve this answer

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.