Opened 14 years ago
Closed 13 years ago
#7571 closed defect (fixed)
dojox.html.metrics SSL mixed content issue
Reported by: | jsm174 | Owned by: | Bryan Forbes |
---|---|---|---|
Priority: | high | Milestone: | 1.3 |
Component: | Dojox | Version: | |
Keywords: | Grid HTTPS IE6 Security Secure Nonsecure | Cc: | |
Blocked By: | Blocking: |
Description
Hello. I'm using a grid control on a secure website. When I dynamically create the grid, in IE6, I receive the following "Security Information" dialog:
"This page contains both secure and nonsecure items.
Do you want to display the nonsecure items?"
Here is a quick summary of the code I am using:
html:
<div id="grid-container-tcp"></div>
js:
. . . dojo.require("dojo.data.ItemFileReadStore"); dojo.require("dojox.grid.DataGrid"); . . . var gridContainer = dojo.byId("grid-container-" + cur_task); tasks[cur_task].grid = new dojox.grid.DataGrid({ id: "grid-" + cur_task, store: new dojo.data.ItemFileReadStore({data:data}), structure: tasks[cur_task].layout }, document.createElement('div')); tasks[cur_task].grid.onRowClick = function(event) { var link = dojo.byId("t" + event.grid.getItem(event.rowIndex).oid); link.parentNode.scrollTop = link.offsetTop - 22; }; gridContainer.appendChild(tasks[cur_task].grid.domNode); tasks[cur_task].grid.startup();
Change History (6)
comment:1 Changed 14 years ago by
comment:2 Changed 14 years ago by
Milestone: | 1.2 → 1.3 |
---|
comment:3 Changed 13 years ago by
I did some research on this cause i needed it to work, and i think i finally found the problem. In _Grid.js, function buildRendering, the following call causes the error:
dojox.html.metrics.initOnFontResize();
inside this function an empty iFrame is being created. Assigning a blank html page to that iFrame solves the problem for me.
comment:4 Changed 13 years ago by
Component: | DojoX Grid → Dojox |
---|---|
Owner: | changed from Bryan Forbes to Adam Peller |
Summary: | Grid on HTTPS throws IE6 "Security Information" dialog → dojox.html.metrics SSL mixed content issue |
From James Burke: See this forum thread for the discussion: http://www.dojotoolkit.org/forum/dojox-dojox/dojox-support/non-secure-items-message
Quote: To workaround, if you add the line: f.src = dojo.moduleUrl("dojo", "resources/blank.html"); BEFORE the iframe is appended to the body, your IE security message popup will disappear. I made this modification in my local sandbox and I'm able to run the grid tests without this popup.
I would expand on this to say it should look like:
f.src = dojo.config["dojoBlankHtmlUrl"] || dojo.moduleUrl("dojo", "resources/blank.html");
so that it can work in xdomain situations.
comment:5 Changed 13 years ago by
Owner: | changed from Adam Peller to Bryan Forbes |
---|
comment:6 Changed 13 years ago by
Resolution: | → fixed |
---|---|
Status: | new → closed |
I don't know if the grid uses iframes at all, but I know that an iframe without a set value for the href for the frame will generate a security warning on IE6.