Prism Blog

Prism release preview 8th November 2016

As part of a continual effort to improve the security of our web applications, in this release we have made Prism use HTTPS (Hyper Text Transfer Protocol Secure) throughout. Until now, the use of HTTPS has been limited to pages visited during and after signing in.

This change is in line with a general move to HTTPS on the web. Modern browsers will soon start to issue a warning to you when you visit sites which use only HTTP as the changes in internet standards regard this as insecure.

When a user follows a link to an HTTP Prism page (including from within Prism) the URL will be automatically re-directed to the HTTPS equivalent. This means all your previous bookmarks and saved pages will continue to function, as the request will be transparently redirected to the HTTPS resource.

Making the most of your preview

Please check the preview version as early as possible to familiarise with the new functionality and to ensure that your tenancy still behaves as expected in terms of both functionality, including extensions, and styling.

Pages with mixed content – where there are links with HTTP URLs – may not display the content from the HTTP links and may display a warning alert, depending on your browser.

You will also want to investigate the impact this has on machines in the library that are locked down to access Prism only.

If you’d like assistance with any problems that you find, please open a Support case.

To preview this release, please precede your tenancy URL with ‘demo.’, like this:{your tenancy name}. If you have your own host name, you’ll need to use instead.

Release to the live service

The release of Prism to the live service will be on Monday 21st November 2016.

Comments and contact

If you have any comments, questions or suggestions please get in touch. You can comment here on the Prism blog, on the Prism forum and Prism Ideas or contact your Account Manager or the Prism team directly.

3 Responses

  1. Meghan Says:

    Hi Terry – what can be done about Juice extensions that trigger the browser warnings/suppression? For example, we can’t use the google books embed or the aspire list extensions without the user lifting their own browser restriction as they must be serving non-https urls, which is going to be difficult to communicate or explain as that then triggers warning about no longer being on a secure site etc.

    Juice seems to have fallen off the face of the internet unfortunately.

  2. Terry Willan Says:

    Hi Meghan – Acknowledged. We’ll get an answer for you as soon as possible.

  3. Terry Willan Says:

    Hi Meghan – Good to see that you’ve fixed the problems with your Juice extensions.

    For the benefit of others, the problem occurs where an extension is requesting an asset over http, which is then suppressed by the browser as non-secure in an otherwise secure web page. The solution, where the asset server is capable of delivering over https (as Google and Aspire and many others are), is to use protocol independent uris in your Juice extension JavaScript files for the addresses of assets (as advised in the Prism Design Guidelines). This means beginning the uri with ‘//’, omitting ‘http:’.

    To debug this you can use the console in the browser’s developer tools, which will show the urls being blocked by the browser for being cross protocol.

    To make your theme changes take effect in your tenancy, remember to reset the tenant cache. In the demo environment this needs to be done by appending the path parameter resettenantcache to the tenancy’s base url.

Leave a Reply