Here at ITG, we love Canvas modules. During our initial Canvas rollout, we recommended them as often as we could, and many courses at Emerson use modules in one form or another. One of the nicest components of modules is how easy they are to organize links to websites and academic journals. Trying to make hyperlinks in wiki pages can be a multi-step process, and updating those links can take a bit of time.
However, there is an important new change to how web browsers work (yes, all but Safari at this time) that we wanted to share with you. It’s called “Mixed Content”. What is mixed content? Simply put, it’s when you have have links within a secure site that aren’t secure themselves. Canvas requires an Emerson login to access. This makes it a secure site. Adding a link to a New York Times article, which doesn’t require a login, would then make your course have “mixed content”. The reason why we wanted to let you all know about this is because of a new security feature of web browsers that effectively blocks unsecure content within a secure site. A link in a module to an unsecure site will not preview in Canvas.
The reason this is now an issue is due to the increased concern surrounding online security. An unsecure link within a secure site is often how malignant code is able to either entire a site or redirect a user to a fraudulent site. Now, a course in Canvas is certainly not a high priority for would-be hackers. However, web browsers are not smart enough to know that, and will treat all websites the same.
There are two ways to get around this issue while still using modules. The first is simply to just let students know that they need to click on the URL header of the page. Here is a screen shot showing where that header is:
This will leave Canvas, but many students have their web browsers set to open links in a new tab or window. So navigating back to their course won’t be an issue.
The second, more complicated solution, involves changing how the browser handles mixed content. Within every page, the end user can tell the browser to ignore the mixed content security for that one site. It’s a similar process in both Firefox and Chrome, but we’ve attached screen shots of how to disable protections against mixed content in Firefox.