Dynamically loading JS into iFrames - preventing IE7 popups when leaving/entering secure connection

This topic is closed.
  • bizt

    Dynamically loading JS into iFrames - preventing IE7 popups when leaving/entering secure connection

    Hi,

    I have a webpage where I'm creating AJAX type requests by loading
    dynamic pages containing JavaScript into hidden iFrames. The reason I am
    opting for this method over XmlHttpRequest object requests is because
    I wish for some of my requests to be over a secure https:// connection
    and other not so private requests to be made over http:// .. using
    XmlHttpRequest I am unable to make requests between two domains http/
    https from the one page (which is an http page so https requests will
    not work .. so I have read anyway). So, the iFrame method system
    allows this but one slight issue which I'm wanting to find a way
    around:

    When I load a page into one of my iFrames which is an https page,
    IE7 (and IE6 I presume) gives me a series of alerts telling me I am
    entering or leaving secure connection when I'm not even leaving the
    page, which is quite alarming. I get about 4 of these for just one
    request. I was hoping that there is a way around this as I am worried
    that, especially at a time of transition from IE6 to IE7 and security
    options possibly reset, many new users to my site will get these
    alerts and be concerned with the security of my site.

    Does anyone have any ideas that may combat this if possible?
  • VK

    #2
    Re: Dynamically loading JS into iFrames - preventing IE7 popups when leaving/entering secure connection

    On May 29, 6:22 pm, bizt <bissa...@yahoo.co.uk> wrote:
    > Hi,
    >
    > I have a webpage where I'm creating AJAX type requests by loading
    > dynamic pages containing JavaScript into hidden iFrames. The reason I am
    > opting for this method over XmlHttpRequest object requests is because
    > I wish for some of my requests to be over a secure https:// connection
    > and other not so private requests to be made over http:// .. using
    > XmlHttpRequest I am unable to make requests between two domains http/
    > https from the one page (which is an http page so https requests will
    > not work .. so I have read anyway). So, the iFrame method system
    > allows this but one slight issue which I'm wanting to find a way
    > around:
    >
    > When I load a page into one of my iFrames which is an https page,
    > IE7 (and IE6 I presume) gives me a series of alerts telling me I am
    > entering or leaving secure connection when I'm not even leaving the
    > page, which is quite alarming. I get about 4 of these for just one
    > request. I was hoping that there is a way around this as I am worried
    > that, especially at a time of transition from IE6 to IE7 and security
    > options possibly reset, many new users to my site will get these
    > alerts and be concerned with the security of my site.
    >
    > Does anyone have any ideas that may combat this if possible?

    Warnings on leaving an encrypted page for a non-encrypted one, on leaving
    a non-encrypted one for an encrypted one, on loading a mixed content page
    with both encrypted and non-encrypted elements: these are separate browser
    security settings you have no control over. Logically thinking: what
    would any security warning be good for if any server could disable
    it? ;-)

    So in your case you only can place a text on your page like "if you
    see a security warning, disregard it". Very silly and makes people
    even more suspicious - so rarely used.

    This is why HTTP <=> HTTPS jumps based solutions are not used, as
    non-implementable with the desired usability. The final solution depends
    on the nature of the transmitted data. If it is really sensitive
    information every time, then do the whole session under HTTPS.
    HTTPS is a rather resource expensive protocol, so many solutions are
    using it only on the authentication stage: thus login/password being
    submitted over HTTPS and if correct then server-side redirect to HTTP
    for the rest of the session.

    It is yours to decide which of the above to use in your own case.
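
Added example, not part of either post: a small Node.js check that lists which embedded resources on a page cross the http/https boundary that the reply above ties the browser warnings to. The function names, the example.com URLs and the sample markup are constructed, and the regex attribute scan is a simplification rather than a full HTML parser.

```javascript
// Added example: classify embedded resources by scheme relative to the page.
// classifyEmbeds/crossScheme and SAMPLE_HTML are constructed for illustration.
const EMBED_RE =
  /<(iframe|script|img|link|form)\b[^>]*?\s(src|href|action)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;

// Constructed markup: one hidden https iframe, one relative iframe,
// one protocol-relative script and one explicit http image.
const SAMPLE_HTML = `
<iframe id="secure" src="https://www.example.com/account/data.html" style="display:none"></iframe>
<iframe id="public" src="/news/latest.html" style="display:none"></iframe>
<script src="//cdn.example.com/lib.js"></script>
<img src='http://static.example.com/logo.png'>
`;

function classifyEmbeds(pageUrl, html) {
  const page = new URL(pageUrl);
  const findings = [];
  for (const m of html.matchAll(EMBED_RE)) {
    const raw = m[3] ?? m[4] ?? m[5];
    let target;
    try {
      // Resolves relative and protocol-relative URLs against the page URL.
      target = new URL(raw, page);
    } catch {
      continue; // unparseable attribute value
    }
    if (!/^https?:$/.test(target.protocol)) continue; // skip data:, about:, etc.
    let kind = "same-scheme";
    if (page.protocol === "http:" && target.protocol === "https:") {
      kind = "http-page-embeds-https"; // the hidden https iframe case from the question
    } else if (page.protocol === "https:" && target.protocol === "http:") {
      kind = "https-page-embeds-http"; // mixed content on an encrypted page
    }
    findings.push({ tag: m[1].toLowerCase(), url: target.href, kind });
  }
  return findings;
}

// Only the resources whose scheme differs from the page's scheme.
function crossScheme(pageUrl, html) {
  return classifyEmbeds(pageUrl, html).filter((f) => f.kind !== "same-scheme");
}

console.log(crossScheme("http://www.example.com/index.html", SAMPLE_HTML));
console.log(crossScheme("https://www.example.com/index.html", SAMPLE_HTML));
```

Serving the same markup from an https page flips the result: the explicit `http://` image becomes the only cross-scheme resource, while relative and protocol-relative URLs follow the page's scheme.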
