View Full Version : Avoiding warning on IE when using Grid over SSL

4 Nov 2006, 11:08 PM
I have a simple test Grid that uses the DefaultDataModel. If I access the page via HTTPS using IE 6, I get the following warning : "This page contains both secure and nonsecure items. Do you want to display the nonsecure items?" The grid renders correctly regardless of whether I answer yes or no, but the popup is annoying.

While searching for a solution, I ran into this post:

Based on Jack's comment on that thread, I tried to set YAHOO.ext.EventManager.ieDeferSrc to a blank HTML page on the same server, but no cigar. I tried both relative and absolute URLs.

Ideas anyone? Thanks in advance.

5 Nov 2006, 3:59 AM
That message is very irritating, I agree. It's due to the iframe used in IE to keep selects and stuff from showing through the grid's headers.

It will be corrected in the next build. In the meantime, you can use the version off my blog:


I went through and consolidated all the spots that need an ssl secure url and made it one setting:

YAHOO.ext.SSL_SECURE_URL = 'https://yourserver.com/blank.htm';

Let me know if that fixes it for you.

5 Nov 2006, 8:43 PM
Jack - just tried out the beta and it works great.

Interestingly, I didn't even have to set YAHOO.ext.SSL_SECURE_URL - the default value (javascript:false?) seemed to do the trick this time.

5 Nov 2006, 9:40 PM
Sweet. I thought javascript:false might work.

8 Nov 2006, 3:11 PM
Bad news Jack - I ran into this problem again when I started using BorderLayout. Tried setting YAHOO.ext.SSL_SECURE_URL to point to a blank file on the server with no luck (I tried both relative and absolute URLs).

I'm using yui-ext_33-beta3.2.1.js. Any suggestions?

8 Nov 2006, 5:50 PM
BorderLayout doesn't create any iframes. Are you creating them manually?

8 Nov 2006, 6:16 PM
Nope. I thought I might be screwing something up, so I pared down the file to what's listed below and the problem still shows up. The file is hosted at (it's on my intranet).

yui-ext.js is the latest beta (0.33 beta 4). Let me know if I can help debug in any way. Thanks.



function initLayout() {
var layout = new YAHOO.ext.BorderLayout( document.body, {
center: {
layout.add( 'center', new YAHOO.ext.ContentPanel('content') );


9 Nov 2006, 1:50 AM
Can you repost it and check the "Disable HTML" checkbox? Thanks.

9 Nov 2006, 10:18 AM
I edited my earlier post and checked "Disable HTML in this post". Let me know if that did the trick.

9 Nov 2006, 4:53 PM
Hmmm, I think I know the problem. To maintain backwards compatibility I made EventManager still use ieDeferSrc but it initializes to YAHOO.ext.SSL_SECURE_URL by default. The thing is, that is set AFTER the event manager is initialized so it is wrong.

For now, you can do this:

YAHOO.ext.EventManager.ieDeferSrc = YAHOO.ext.SSL_SECURE_URL;

Let me know if that fixes it. I will remove the need for the duplicate in the next build.

9 Nov 2006, 6:29 PM
Jack - that did the trick! Thank you.