Hi all,
The ComboBox component is causing the 'Warning page contains secure and nonsecure items on IE when using https' problem. (dojo 0.4.1-3). This component is used in JSF Tomahawk library.
The tomahaw issue is described here: https://issues.apache.org/jira/browse/TOMAHAWK-1034.
I was able to make a workaround for this problem, but I didn't find a real cause of this problem.
The workaround worked for some time, but when page became more complex, it stopped (which is very strange).
Could you check or give any hint where is the real problem with this component and how to fix it?
(Due to specifics of Tomahawk, the new 0.9+ version cannot be used)
Warning page contains secure and nonsecure items on IE when using https
Submitted by tbech on Fri, 08/01/2008 - 13:45.
- Login or register to post comments
- Unsubscribe post
are you sure this is caused
are you sure this is caused by the comboboxes? I have this issue popping up in places that have no comboboxes. I have a tabbed application and I notice this happens once I change tabs.
Could this be caused by xmlHttpRequests ?
Im still looking into my problem, if you find out anything else, please let us know :)
Good luck
UPDATE:
I just found this http://www.nabble.com/Secure-and-nonsecure-warning-in-IE-using-https-(SSL-or-TLS)-td18215785.html . It seems IE7 has a bug regarding backgroud images being set without a full path that makes it pull the images through https but treat them as "Insecure".
I havet tested this, but im about to. Cheers.
it is combobox
Yes, 100% sure it is comboBox.
follow up
my problem was exactly the one described in the link above. When I changed tabs I would destroy the content, of it which included a tree widget. In turn, this tree widget had some imgs that when destroyed would cause IE to erroneously show that warning message. The solution was to remove those nodes with outerHTML instead of leaving it to the previous process or removing the content.
in your case, I would say the problem is the styling of the widget. Try removing the widget in a safer way.
Hope that helps. Cheers
Cause of message
The reason for the 'message Warning page contains secure and nonsecure items on IE when using https' is because there are iframes that are configured with sources to javascript within DOJO. The source needs to be pointed to a blank htm page. This problem would have to be fixed from the DOJO source.
My cause of the message
I had this problem with tomahawk 1.1.5 also, and resolved it in the following manner:
Setting the src attributes on the iframes generated was a red herring for me; no matter what they were filled with (at create time, or manipulated after creation) there was no improvement in getting the security warning to disappear.
I checked out the source from apache, and went into the javascript resources, into dojo.js, dojo.js.uncompressed.js, and Widget.js and commented out the following line: dojo.a11y.setAccessibleMode();
This was located in the dojo.widget.buildWidgetFromParseTree function. Turns out that accessible mode stuff is loading a background image that IE can't determine whether it's supposed to be secure or not. By skipping the accessible mode thing (and the background image) that's being loaded _in every widget created_, the security warning is no longer being triggered.
I didn't feel like working around it so I skipped it, but if you want to work through it, you'll find the source you need in the a11y.js file.
You do have to fix it in the dojo source though, and recompile the tomahawk libs. Seems like this would be a problem even if you were using straight Dojo though as well. Someone may want to address that.
This url helped me locate the problem : http://stackoverflow.com/questions/59734/coding-dojo-with-ie-and-ssl