Live previews now support HTTPS if the author origin supports it


#1

For those who have been following the Chrome release cycle, you’ll be aware that Chrome 68 (stable) is making tracks in order to deprecate user interaction on HTTP pages. This has unfortunately impacted author live previews since the preview subdomain was restricted to HTTP only due to the number of authors hosting a HTTP only preview (along with some technical challenges I’ve outlined in other posts).

I’m pleased to announce that as of today, we’ve made some changes that will allow HTTPS author previews to be HTTPS on the preview subdomain :star2:

To take advantage of this new functionality, you can update your item’s demo URL to be a HTTPS URL and correctly respond to HTTPS requests. Once this has been completed, your live preview will be served via HTTPS.

Sing out if you have any questions!


ThemeForest Preview Site is NOT SECURE - Need to be fixed as soon as possible
#2

Well, I’m using https for all my demo URLs since uploading my 1st item on Envato (more than a year ago). Do I miss something here?


#3

Hi @phpmillion,

Until now, previews have been implemented using an iframe on a page served up by plain HTTP. While your demo would have been loaded into the iframe over HTTPS, the page itself was not. With today’s change, both the iframe content and the preview page are now loaded over HTTPS.

There’s no action you need to take, it’s all automatic.

Kind regards,
Ross
Lead Developer


#4

That’s very good news! Thanks!


#5

Thanks for the info.
What about the redirect warning in Chrome 68? Most of the authors here use a redirecting script to remove the live preview iframe to something different. I know this feature is a plus to help against ‘framebusting’. Would you consider an option to load our item preview link without the preview window?


#7

Hi @arrowthemes,

Great question! We’ve received a few support requests about the same topic, so I’ve ben discussing it with a couple of our product managers over the past month.

The purpose of the iframe is to give users a path back to the item page. Our user research has shown that often users either open a number of previews (which open in different tabs) or get deep-linked to the preview tab. When that happens, the “Buy now” and site logo at the top of the iframe are the only way for the user to get back to the item page.

The product managers are trying to decide what the best solution to this problem is. Either way, it will require us to notify authors so they can adapt their preview URLs to whatever changes we make. It could be that we’ll remove the preview iframe entirely (so preview URLs open directly in a new tab) or we may do something else.

As soon as we’ve got an answer I’ll update this thread with the details.

Cheers,
Ross


#8

Thanks Ross for the feedback. I look forward to the solution.


#9

Many authors have their own iframe, can you consider the option in the user’s settings panel to disable the default iframe? Thanks.


#10

Hi @QuanticaLabs, I’ll make that suggestion to the product manager so it can be considered as one of the options.

Cheers!


#11

@rosssimpson, all our items are seriously affected by this. Chrome doesn’t let us do anything with our preview frame, and we 100s’ of items to advertise. Please allow us to remove the Envato frame! We’re loosing sales!

We’re getting a double header on this, removing the frame by clicking it still doesn’t redirect properly… :expressionless:

The Envato Frame needs to be removable… our sales are toast until then … help?


#12

Hi @Enabled,

Can you help me understand how this affecting your sales? I realize it’s not a great user experience, to open the preview and have that loading text there, but there are two ways for users to still get to your item (either clicking on the link you provide in your loading text or clicking on the “Remove Frame” link.

I’ve just passed your info on to the responsible product manager and will follow up with him ASAP on what we can do, short-term and long-term. I’ll reply back here when I have more to share.


#13

Exactly that. The user experience is quite crappy. And, not to mention, we already have and have had a bar for over 6 years, now we have 2… one of them is useless in helping us advertise our products ( the Envato one ) and it’s not helping in any way.

  1. It has no way to switch between items.
  2. It locks us out from adding a link to another freshly released item ( previously we had a universal image on all items, with a redirect.html, but after the CDN was added, that option got booted as well )
  3. For some user it opens in a double bar, for some user it opens in our bar, and for other users ( @20% from what we tested ) it opens and leaves a white screen.

So basically, we’re left with the following solution:

A. Keep Envato’s item bar… and advertise the rest of our 100 products… not possible.
B. Keep Envato’s item bar and try to remove it with redirects (as of Chrome 68, that’s becoming impossible, and most likely it will be 100% impossible in Chrome 69 when they fix what makes it possible now )
C. Keep both bars and give a totally crappy user experience, with one of the bars being utterly useless.

Isn’t easier to add an opt-out button… " Using your own Item Switcher? Checkbox -> Disable Default Item Bar"

This way everyone is free to keep or remove the item bar.

It really is creating more problems than anything to be honest to have in there, with so few options in it and with 0 customizability… it’s just a Purchase button and a Remove Frame … :expressionless:

My frame does the same thing and much much much more. Why can’t we remove the Envato frame then? :slight_smile:


#14

And yeah, this works half the time, the other half Google’s security catches it and you’re left with a blank screen. So, does it affect sales for users to see broken previews? Absolutely! Massively!

I only realized this is a problem after getting a tone of emails in the past few days from users saying “hey, your preview’s broken” … yet checking on mine, all works. After clearing all caches and reinstalling chrome, voilla, everything was dead.

What you see now on our items is a half-baked solution that is quite annoying… a double bar, with the Envato one being utterly and totally pointless…


#15

I can confirm this bug, sometimes the iframe doesn’t load and it leaves a white screen.


#16

Yeap! And this alone has the potential to reduce the number of sales, not to mention the fact that double bars looks like something got hacked and makes it feel… weird… out of it’s place. Horrible user experience.


#17

Thanks for all that supporting info @Enabled, I’m feeding it directly to the PM.

I’ve not experienced the blank screen issue you and @Exill describe, but can appreciate what that does to your users. I’ve just tested a few times (Chrome 68) and I can’t reproduce it. I’ll dig deeper into this and see if we can understand the cause. You said it was Google security causing that – do you have any further info you can share about that (error codes/messages, etc.)?

As mentioned above, the original reason for the bar at the top of the frame was to provide a way back for users who’ve made their way to the preview and either lost or never had the parent item page open. Both the Envato logo and the “Buy now” button return the user to the originating item page. While I can see your previews do link back to the item page themselves, not all authors’ previews do. Just removing the bar without warning is not something we’re prepared to do.

I’m interested in the point you’re making about Chrome 69 – are you suggesting that the iframe sandbox attribute allow-top-navigation will be removed in Chrome 69? I wasn’t aware of this.

If you have any further details you’d like to share, please feel free to PM me (I’d like to keep this thread somewhat on-topic). As mentioned, I’ll be taking your concerns to the PM and hope to have an interim solution soon.


#18

Thanks mate! I’ll compile a list and a test environment for you and get back in a couple of days. Need to see if there are proper workarounds for this, at least maybe a solution can come for this for multiple authors.

In Chrome 68 they added security protocols against iframe redirects. Envato uses an iframe, we use an iframe and we redirect from Envato’s to our server.

(1)Live Preview Click -> (2)Envato Iframe -> (3)Redirect PHP -> (4)Enabled Frame.

The problem is that Chrome detects Step 3 and stops the redirect process there, around 20% - 40% of times. For me it cleared after a cache clear and we had to use a new way to jump it.

Source or Chrome 68 Redirect Restrictions.

Quote:

Update 2018-06-07: The two protections described above that prevent unwanted redirects and unwanted tabs or windows are now scheduled to be released with Chrome 68. The timeline for expanding Chrome’s pop-up blocker remains unchanged, as it already launched in January.

So this problem will become quite real, very fast for all authors that have multiple items on sale and use an iframe. We need a solution!.

PS: The Envato frame could be removed with a review process. Authors that wanna opt out could make their frame match your guidelines, if it matches, give authors the option to remove it. Otherwise, when this becomes the default Chrome behavior… you can expect people to shout really, really loudly that their sales will die as previews will die.

Will ping you with a test environment soon.


#19

Hi @Enabled, Luke from the Envato product team here. We’re definitely looking into this and it’s certainly a tricky issue. Our hands are tied here by the direction browser vendors are going.

Two important things to note is that many authors rely on the Envato header bar to get customers back to their Market item page, and we’ve never supported frame escaping. I understand the frustration but the immediate solution here is to disable your frame escape to prevent Chrome from landing customers on a blank page.

We’re reviewing options on how we go forward with this and whether we provide support for a direct preview solution that removes the need to frame escape.

Two questions for you and all authors reading this:

  1. What are you main reasons for frame escaping?

  2. If frame escaping was not an option what changes would you request we make to the Envato header bar?


#20

Heya @lukemeehan, thanks mate for reaching out! Truly appreciate it! To be honest, and I think most authors I’ve spoken to agree, that frame is obsolete, it has been for a long, long time.

You guys provide an amazing API, check my item frame for example, I can pull name, sales, link to previews, everything my heart desires to show potential customers using your awesome API. The current frame is

    1. Large, obtrusive and highly rigid ( literally 0 customization options )
    1. It serves absolutely no purpose to an author that can create his own. Literally no purpose.
    1. I understand that you guys have tons of Analytics embedded in your frames, that can be added by authors in the frame as well. Give this feature to Elites for example, they’re sure not to mess things up. We can import a script from Envato’s server, you guys can modify whatever you want, problem solved.
    1. It’s a paradox. Really. Items open in a new tab, but the bar takes you back to the item in the same window. So now you have the item open in 2 windows. And the last purpose, is to remove the bar itself… Wouldn’t it be easier to have it gone alltogheter or allow a more flexible solution ( custom author built )

The thing is, in the past, before the CDN was added, hundreds of authors used images in their item previews. Let’s say you add an image under the preview “Item X released | Item Y Updated” and point that to a redirect.html that sends you to your item on Envato. Then the CDN came along. We have no way to clear the CDN cache, and therefore, a very, very, very valuable marketing tool was removed. For me, editing 150 items to add an image to advertise a new product or an update… well … it would take an eternity.

To answer your questions.

1. What is the main reason for form escaping?
Rigidity. It serves to go back to the item, and delete itself. So, basically, it serves to go back to the item. We’re doing that with our frames. Plus we can also

  • Add an item list.
  • Pull information via API automatically
  • Advertise updates (see CDN and images above )
  • Advertise discounts
  • Get comprehensive analytics ourselves for our items
  • Add Responsive Controls (my case mobile frames, in 99.99% of authors here buttons for desktop/tablet/mobile )

2. If frame escaping was not an option what changes would you request we make to the Envato header bar?
I think this bar has had it’s day. Competitive marketplaces don’t use these things. I understand it once had a purpose, but now it is a relic to a past that no longer suits any purpose. That bar is there to go back to the item ( which opens in a new tab by the way, the item isn’t going anywhere ) and to self destruct / remove itself. Regarding the analytics codes you guys require, I’m sure everyone can add a script to their frames, and add classes to the close buttons and buy now buttons to track clicks and other information you need.

To be honest, being at the mercy of the browsers, is very nasty, but Envato isn’t at the mercy of the browsers, the authors are due to the limits imposed by the frame…

This entire problem could be solved in a second, literally, there wouldn’t have to be thousands of items edited for thousands upon thousands of authors. Remove that bar, and everyone is happy and all problems with the browser are solved in a heartbeat… :slight_smile:

What Envato could add to it? Well, again it would severely limit our customization options.

  • You could add an item switcher, but that will be based on images already existing on Envato, the 590 previews in my case and many other authors are useless.
  • Add a dropdown with theme names, that works for guys like Avada or The7 or BeTheme or other monsters, but for other authors, their product names don’t really represent a known brand, clickthrough rates would be totally ineffective.
  • Add sales info and ratings … yeah, that would, help, but with the above mentioning points, that wouldn’t help a lot. Top sellers would keep selling, new items would die.

There really isn’t much you guys can do to cater of the masses, other than allow authors via a review system or sales rank or Elite rank to add their own frames, conditioned on adding your own tracking codes to it to server you and serve us.

I for one, would add whatever codes you guys would want, just as long as I could advertise my items in the way I discovered sales and brings customers. Not all methods would work for all people, and that makes the existing Envato bar obsolete.

Thoughts? :slight_smile:


#21

Thanks for that, gives me more info to help make a decision! I’m catching up with more of the team later today (it’s early in Australia right now!) and will get back to you with an update.