Tapestry / TAPESTRY-1254

IE7 mixed secure/nonsecure SSL warning on https using dojo dialog component

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 4.1.1, 4.1.2
    • Fix Version/s: 4.1.2
    • Component/s: JavaScript
    • Labels:
      None
    • Environment:
      IE7, win xp

      Description

      Using Tap 4.1.1 and 4.1.2 snapshots, Dialog component on secure SSL pages gives "This page contains both secure and
      nonsecure items" warning message. Does not happen in IE6.

      See iframe.js and other related files: if(dojo.render.html.ie55 || dojo.render.html.ie60) {var html="<iframe src='javascript:false'" ....

        Activity

        Jesse Kuhnert added a comment -

        Fixed with dojo upgrade. (I hope)

        Anna Vo added a comment -

        This issue still occurs after updating to the 4.1.2-20070206.050455 snapshot. After adding "|| dojo.render.html.ie70" to the ie55 or ie60 conditional in iframe.js the secure message still displays.

        Greg Woolsey added a comment -

        I get this on only one page in our app, that doesn't use our standard border component (wrapping a Shell component). I can't find any differences in the rendered JavaScript that would account for the problematic behavior. It happens on all widgets based on dojo.widget.Dialog, only on this one page. All pages use derivatives of this widget, from the Tapestry validation dialog to our custom replacements for window.alert() and window.confirm(). We only get the mixed content warning the first time this one page tries to create a widget for a subclass of dojo.widget.Dialog.

        Using Fiddler and IEHTTPAnalyzer, I don't see any browser requests via HTTP or HTTPS at widget creation time, and there is no IFRAME generated either on IE7, as it doesn't need one and the logic for the background IFRAME specifies only IE 5.5 and IE6.

        I'm stumped as to where the mixed content warning is coming from - it must be some sort of invalid (i.e. malformed) request that results in an IE internal error page response, as those are flagged as "insecure" by the browser, and would account for why Fiddler and IEHTTPAnalyzer never saw the request.

        Greg Woolsey added a comment -

        I found the problem - it's in dojo.a11y.testAccessible()

        See this Blog entry I found:

        http://davidovitz.blogspot.com/2006/09/https-bug-in-ie.html

        All that is needed in the above function is this line before the removeChild() call at the end:

        div.style.backgroundImage = "";

        I overrode this method in my local code and it got rid of the mixed content warning. Looks like a bug report needs to be filed with Dojo (I don't have access to that).

        This code is called whenever a widget is built, from widget.js, which is also why I noticed so many requests for tab_close.gif in my server log.
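
The fix described in the comment above, as an added example that is not part of the original comment and is not Dojo's source: a probe that sets a background image on a temporary div, reads it back, and removes the div, with and without clearing the image first. The names `probeBackgroundImage` and `makeStubDocument`, the stub DOM, and the image path are assumptions made so the sketch runs under Node.

```javascript
// Probe of the shape the comment describes: attach a div carrying a background
// image, read the value back, then detach the div again.
function probeBackgroundImage(doc, imageUrl, clearBeforeRemove) {
  var div = doc.createElement("div");
  div.style.backgroundImage = 'url("' + imageUrl + '")';
  doc.body.appendChild(div); // must be in the tree before the style can be read
  var view = doc.defaultView;
  var bkImg = view && view.getComputedStyle
    ? view.getComputedStyle(div, "").getPropertyValue("background-image")
    : div.currentStyle.backgroundImage; // old IE path
  if (clearBeforeRemove) {
    div.style.backgroundImage = ""; // the one-line fix, placed after the read
  }
  doc.body.removeChild(div);
  return bkImg;
}

// Constructed stub DOM: records the background image each node still carried
// at the moment it was removed, which is the state that triggers the IE prompt.
function makeStubDocument() {
  var removedWith = [];
  return {
    removedWith: removedWith,
    createElement: function () { return { style: { backgroundImage: "" } }; },
    body: {
      appendChild: function (n) { return n; },
      removeChild: function (n) { removedWith.push(n.style.backgroundImage); return n; }
    },
    defaultView: {
      getComputedStyle: function (n) {
        return { getPropertyValue: function () { return n.style.backgroundImage; } };
      }
    }
  };
}

var unfixed = makeStubDocument();
var fixed = makeStubDocument();
var IMG = "/images/tab_close.gif"; // constructed path
console.log(probeBackgroundImage(unfixed, IMG, false), unfixed.removedWith);
console.log(probeBackgroundImage(fixed, IMG, true), fixed.removedWith);
```

Because the image is cleared only after the value has been read, the probe returns the same result in both cases; only the state of the node at removal differs.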

        Jesse Kuhnert added a comment -

        Cool thanks Greg! I took that a11y crap out in the latest 0.4.3 upgrade of dojo anyways because the remote image fetches it was doing were invasive / annoying / poor design to begin with.


          People

          • Assignee:
            Jesse Kuhnert
            Reporter:
            Anna Vo