page contains both secure and nonsecure items When setting locationin IE6

**Thomas 'PointedEars' Lahn** · Jun 27 '08, 10:25 PM

Re: page contains both secure and nonsecure items When setting locationin IE6

DBLWizard wrote:

I'm fighting with IE on a secure site where I am trying to set the
location of a frame from within javascript using code similar to this.
>
sHref = "DocumentViewPD F.asp?DocumentT ype=<%=sDocumen tType
%>&Instrument= " + sInstrument;
objFrameImage = window.top.fram es['fraImage'];
objFrameImage.l ocation = sHref;
>
IE 6 throws up this message that says "This page contains both secure
and nonsecure items.". None of the other browsers seem to have this
problem including IE7. Is there a way to fix this?

Short answer: It's not a J(ava)Script problem. And it's not a bug, it's a
feature.

Long answer:

Probably the server-side ASP script, triggered with the client-side
assignment here, redirects to a non-SSL HTTP resource, inevitably
establishing another, insecure (i.e. unencrypted and unauthenticated ) HTTP
connection, which IE/MSHTML warns you about.

While you could simply disable the setting that triggers this behavior (in
Internet Options, Security or Advanced tab), the only way to prevent the
message from appearing reliably in all clients is not do to that, and to
perform server-side URL rewrite (proxying) instead.

How that can be done depends on your server and is off-topic here, on-topic
e.g. in comp.infosystem s.www.servers.* instead.

PointedEars
--
var bugRiddenCrashP ronePieceOfJunk = (
navigator.userA gent.indexOf('M SIE 5') != -1
&& navigator.userA gent.indexOf('M ac') != -1
) // Plone, register_functi on.js:16

**DBLWizard** · Jun 27 '08, 11:55 PM

Re: page contains both secure and nonsecure items When settinglocation in IE6

On Jun 27, 4:19 pm, Thomas 'PointedEars' Lahn <PointedE...@we b.de>
wrote:

DBLWizard wrote:

I'm fighting with IE on a secure site where I am trying to set the
location of a frame from within javascript using code similar to this.

>

sHref = "DocumentViewPD F.asp?DocumentT ype=<%=sDocumen tType
%>&Instrument= " + sInstrument;
objFrameImage = window.top.fram es['fraImage'];
objFrameImage.l ocation = sHref;

>

IE 6 throws up this message that says "This page contains both secure
and nonsecure items.". None of the other browsers seem to have this
problem including IE7. Is there a way to fix this?

>
Short answer: It's not a J(ava)Script problem. And it's not a bug, it's a
feature.
>
Long answer:
>
Probably the server-side ASP script, triggered with the client-side
assignment here, redirects to a non-SSL HTTP resource, inevitably
establishing another, insecure (i.e. unencrypted and unauthenticated ) HTTP
connection, which IE/MSHTML warns you about.
>
While you could simply disable the setting that triggers this behavior (in
Internet Options, Security or Advanced tab), the only way to prevent the
message from appearing reliably in all clients is not do to that, and to
perform server-side URL rewrite (proxying) instead.
>
How that can be done depends on your server and is off-topic here, on-topic
e.g. in comp.infosystem s.www.servers.*instead.
>
PointedEars
--
var bugRiddenCrashP ronePieceOfJunk = (
navigator.userA gent.indexOf('M SIE 5') != -1
&& navigator.userA gent.indexOf('M ac') != -1
) // Plone, register_functi on.js:16

Thomas,

To claify this is on a site with an SSL certificate and I never
declared it as a bug, only that I wanted to bypass it somehow. The
DocumentView.as p streams a pdf down to the page and no where no how am
I directing to a non SSL resouce. I have even tried putthing the
absolute https://sitename/DocumentView.asp on the location and that
doesn't change it.

Thanks

dbl

**Thomas 'PointedEars' Lahn** · Jun 28 '08, 09:15 PM

Re: page contains both secure and nonsecure items When setting locationin IE6

DBLWizard wrote:

I have further diagnosed the problem. It's not client side as I
originally suspected.

I have said that right from the start, have I not? I am really not the one
beating the already grounded, but had you properly read and followed my
advice in the first place you could have spared yourself and this group a
lot of trouble.

So to Thomas I owe an apology.

Please do.

But your attitude that I was trying to do something wrong or sneek something by the user really irritated me.

I never implied any of that! I merely said it was not a bug, i.e. not a
problem of the user agent but of the underlying programming of the Web
application. You really should read less into postings.

[top post of a top post]

And finally learn to quote.

<http://jibbering.com/faq/>

Score adjusted

PointedEars
--
Prototype.js was written by people who don't know javascript for people
who don't know javascript. People who don't know javascript are not
the best source of advice on designing systems that use javascript.
-- Richard Cornford, cljs, <f806at$ail$1$8 300dec7@news.de mon.co.uk>

page contains both secure and nonsecure items When setting locationin IE6

page contains both secure and nonsecure items When setting locationin IE6

Comment

Comment

Comment