Opened 14 years ago

Closed 13 years ago

#7571 closed defect (fixed)

dojox.html.metrics SSL mixed content issue

Reported by: jsm174 Owned by: Bryan Forbes
Priority: high Milestone: 1.3
Component: Dojox Version:
Keywords: Grid HTTPS IE6 Security Secure Nonsecure Cc:
Blocked By: Blocking:


Hello. I'm using a grid control on a secure website. When I dynamically create the grid, in IE6, I receive the following "Security Information" dialog:

"This page contains both secure and nonsecure items.

Do you want to display the nonsecure items?"

Here is a quick summary of the code I am using:


<div id="grid-container-tcp"></div>


var gridContainer = dojo.byId("grid-container-" + cur_task);

tasks[cur_task].grid = new dojox.grid.DataGrid({
   id: "grid-" + cur_task,
   store: new{data:data}),
   structure: tasks[cur_task].layout
}, document.createElement('div'));
tasks[cur_task].grid.onRowClick = function(event) {
   var link = dojo.byId("t" + event.grid.getItem(event.rowIndex).oid);
   link.parentNode.scrollTop = link.offsetTop - 22;


Change History (6)

comment:1 Changed 14 years ago by Jared Jurkiewicz

I don't know if the grid uses iframes at all, but I know that an iframe without a set value for the href for the frame will generate a security warning on IE6.

comment:2 Changed 14 years ago by bill

Milestone: 1.21.3

comment:3 Changed 13 years ago by Manuel Irrschik

I did some research on this cause i needed it to work, and i think i finally found the problem. In _Grid.js, function buildRendering, the following call causes the error:


inside this function an empty iFrame is being created. Assigning a blank html page to that iFrame solves the problem for me.

comment:4 Changed 13 years ago by Bryan Forbes

Component: DojoX GridDojox
Owner: changed from Bryan Forbes to Adam Peller
Summary: Grid on HTTPS throws IE6 "Security Information" dialogdojox.html.metrics SSL mixed content issue

From James Burke: See this forum thread for the discussion:

Quote: To workaround, if you add the line: f.src = dojo.moduleUrl("dojo", "resources/blank.html"); BEFORE the iframe is appended to the body, your IE security message popup will disappear. I made this modification in my local sandbox and I'm able to run the grid tests without this popup.

I would expand on this to say it should look like:

f.src = dojo.config["dojoBlankHtmlUrl"] || dojo.moduleUrl("dojo", "resources/blank.html");

so that it can work in xdomain situations.

comment:5 Changed 13 years ago by Bryan Forbes

Owner: changed from Adam Peller to Bryan Forbes

comment:6 Changed 13 years ago by Bryan Forbes

Resolution: fixed
Status: newclosed

(In [16429]) fixes #7571

  • Added code to keep SSL mixed content issues from happening with the metrics code.
Note: See TracTickets for help on using tickets.