Opened 13 years ago
Closed 12 years ago
#7571 closed defect (fixed)
dojox.html.metrics SSL mixed content issue
| Reported by: | jsm174 | Owned by: | Bryan Forbes |
|---|---|---|---|
| Priority: | high | Milestone: | 1.3 |
| Component: | Dojox | Version: | |
| Keywords: | Grid HTTPS IE6 Security Secure Nonsecure | Cc: | |
| Blocked By: | Blocking: |
Description
Hello. I'm using a grid control on a secure website. When I dynamically create the grid, in IE6, I receive the following "Security Information" dialog:
"This page contains both secure and nonsecure items.
Do you want to display the nonsecure items?"
Here is a quick summary of the code I am using:
html:
<div id="grid-container-tcp"></div>
js:
.
.
.
dojo.require("dojo.data.ItemFileReadStore");
dojo.require("dojox.grid.DataGrid");
.
.
.
var gridContainer = dojo.byId("grid-container-" + cur_task);
tasks[cur_task].grid = new dojox.grid.DataGrid({
id: "grid-" + cur_task,
store: new dojo.data.ItemFileReadStore({data:data}),
structure: tasks[cur_task].layout
}, document.createElement('div'));
tasks[cur_task].grid.onRowClick = function(event) {
var link = dojo.byId("t" + event.grid.getItem(event.rowIndex).oid);
link.parentNode.scrollTop = link.offsetTop - 22;
};
gridContainer.appendChild(tasks[cur_task].grid.domNode);
tasks[cur_task].grid.startup();
Change History (6)
comment:1 Changed 13 years ago by
comment:2 Changed 13 years ago by
| Milestone: | 1.2 → 1.3 |
|---|
comment:3 Changed 12 years ago by
I did some research on this cause i needed it to work, and i think i finally found the problem. In _Grid.js, function buildRendering, the following call causes the error:
dojox.html.metrics.initOnFontResize();
inside this function an empty iFrame is being created. Assigning a blank html page to that iFrame solves the problem for me.
comment:4 Changed 12 years ago by
| Component: | DojoX Grid → Dojox |
|---|---|
| Owner: | changed from Bryan Forbes to Adam Peller |
| Summary: | Grid on HTTPS throws IE6 "Security Information" dialog → dojox.html.metrics SSL mixed content issue |
From James Burke: See this forum thread for the discussion: http://www.dojotoolkit.org/forum/dojox-dojox/dojox-support/non-secure-items-message
Quote: To workaround, if you add the line: f.src = dojo.moduleUrl("dojo", "resources/blank.html"); BEFORE the iframe is appended to the body, your IE security message popup will disappear. I made this modification in my local sandbox and I'm able to run the grid tests without this popup.
I would expand on this to say it should look like:
f.src = dojo.config["dojoBlankHtmlUrl"] || dojo.moduleUrl("dojo", "resources/blank.html");
so that it can work in xdomain situations.
comment:5 Changed 12 years ago by
| Owner: | changed from Adam Peller to Bryan Forbes |
|---|
comment:6 Changed 12 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
I don't know if the grid uses iframes at all, but I know that an iframe without a set value for the href for the frame will generate a security warning on IE6.