PDA

View Full Version : [FIXED] "This page contains both secure and nonsecure items" in IE6



ashleywong
5 Jun 2008, 12:15 AM
I've tried to place the compiled Explorer or Mail app to a server running HTTPS. If I use IE6, we got "This page contains both secure and nonsecure items" alert. How can we avoid this message?

gslender
5 Jun 2008, 1:04 AM
This normally occurs becuase some external references exist with with blank URLs (iframes, images, stylesheets, etc) that are filled in later via script. These blanks refs can sometimes be the culprit becuase they are internally http objects when default and via script are set to a correct URL https.

Darrell, you might need to ask Jack what they do in ExtJS and copy the same concept in ExtGWT to ensure HTTPS delivered apps work without this error.

BTW - just my guess and I've not done any checking of the ExtGWT JS code to confirm this.

ashleywong
5 Jun 2008, 1:09 AM
I think your guess is right since I've captured the HTTP request and I found that there is no other requests beside HTTPS.

litera
5 Jun 2008, 1:28 AM
if you change the path of Ext.BLANK_IMAGE_URL to your own that points to http, you should be fine. And eventually also Ext.SSL_SECURE_URL if you use functionality related to these iframes.

I don't think there are any other references within ExtJS that would point outside your domain.

ashleywong
5 Jun 2008, 1:32 AM
if you change the path of Ext.BLANK_IMAGE_URL to your own that points to http, you should be fine. And eventually also Ext.SSL_SECURE_URL if you use functionality related to these iframes.

Is it suitable for Ext GWT? Where can I set this two variables?

gslender
5 Jun 2008, 3:07 AM
This is someone from ExtJS background trying to answer this post - in ExtGWT these JS concepts don't exist.

Darrell will need to consider this problem and figure out how to handle the non-urls in IFrame/images etc... it should only occur in IE6 I think so hopefully not a common problem.

litera
5 Jun 2008, 4:10 AM
Sorry for that. I've been reading too fast not noticing you're using ExtGWT.

darrellmeyer
5 Jun 2008, 9:08 AM
This is already handled in GXT. See:


GXT.BLANK_IMAGE_URL
GXT.SSL_SECURE_URLThe iframe used by ModalPanel is using a secure URL. However, the shim used in Layer was not. This code was needed:


if (GXT.isIE && GXT.isSecure) {
el.setElementAttribute("src", GXT.SSL_SECURE_URL);
}Fix is in SVN.

ashleywong
12 Jun 2008, 11:01 PM
Has this fix released in beta5? I've tried beta5, the problem still exists

jraue
12 Jun 2008, 11:42 PM
Beta5 was released yesterday, so the SVN fix will for us non-premium users only be available with the next release. Correct me if I'm wron...

htafolla
24 Jun 2008, 10:11 AM
This still seems to be an issue with RC1b it appears that the IFRAME src tag does not have a default set such as in GWT (src="javascript:''") so IE gives the warning. Then once I click yes or no the IFRAME src tag is set is set with the URL of the site. In this case we are using a FormPanel with combobox and button.

darrellmeyer
24 Jun 2008, 4:52 PM
This is fixed and tested. Change is in SVN.