PDA

View Full Version : IE 8 Mixed Content Warning During Store.Load



mjohnsonaz74
31 Mar 2011, 6:42 AM
I have used YSlow and a good old fashioned code review to make sure that I'm not making any http calls from my web page. I also read an article that stated that IE 8 doesn't consider javascript to be a secure protocol. So, now I'm trying to eliminate the store.load as a culprit.

For a JsonStore I don't see a configuration item to make it's AJAX calls using SSL. I'm giving it a relative URL that points within the application so I'm not sure if it even matters. Turning on the FireFox security warnings has no effect since (as we all know FF is well ahead of IE in common sense). Can somebody please shed some light on how to force a store.load to use ssl? Is it even necessary and am I chasing the wrong suspect? Any insight would be appreciated. Thanks!

Dhugal
31 Mar 2011, 6:51 AM
The site I use ExtJs on is running under SSL and I have not had this problem with http proxies/stores.

Can you not just run the page using Fiddler or Firebug to identify any requests that are not using SSL?

mjohnsonaz74
31 Mar 2011, 7:38 AM
I ran YSlow using Firefox and checked the net connections. There are no http connections being called. Also, this only happens under IE 8. Unfortunately, IE doesn't offer the best information for troubleshooting these kind of problems. The strangest part is that this is only happening for one user (a company employee) and the page was working fine on Tuesday, but yesterday (Wednesday) it started throwing these warnings. I haven't deployed any new code so I assumed his IE updated and perhaps it's a bug.

I really don't know at this point. I posted this question in the hope that there was a known problem with using Ext JS and ajax over an SSL connection. I thought that I might be missing a key config setting. Now it's looking like I'm getting ready to hit one of those fun IE brick walls. :-/

Screamy
31 Mar 2011, 11:21 AM
I manage a medium sized application which runs exclusively under SSL (an Apache permanent-redirect forces SSL on all connections) and it runs without issue on IE8. All target PCs running the app are set for auto-updates, so we always get the latest Windows updates, IE patches, etc.

During development, I once had the problem you were describing, but it was the result of a hard-coded 'http://' I tacked onto an image resource while debugging and forgot to remove.

Regardless, IE is the debbil and I hope anyone who ever had a hand in developing it dies a painful death.

If you haven't already, try manually clearing the browser cache on the machine in question and hit Ctrl+R a couple of times at your app's main page. I've cleared up several edge-case/squirrely problems with IE this way.