Sol Kindle | 22 Mar 02:20 2006

Re: Mixed Content Bug -- SOLUTION!

It looks like I found the culprit.  It is line 79 in dojo/src/storage/browser.js which links to a macromedia shockwave site. This line:

storeParts.push('   codebase=",0,0,0"');

will cause a Mixed-Content error in IE if the you are running on a secure server (https).  By modifying the line to:

storeParts.push('    codebase=",0,0,0"');

..the problem goes away.

Attached is a bare bones html file that will reproduce the problem.  Just by including dojo.js (0.2.2 Kitchen Sink version) in this file and placing it on a secure server, you should see the error reproduced in IE.

I have attempted to enter this bug into Dojo's bugtracker.  The defect number is #550.
As this is my first bug report, please let me know if I did anything wrong



sam foster wrote:
iframe_history.html should be in the dojo root - right alongside dojo.js. It has a role to play in the undo / history functionality, and that's about all I can tell you - but I'm guessing it wouldnt be too hard to trigger inadvertently if you've been starting with code from demos etc. I'm fumbling around, but those mixed content errors mean something somewhere isnt loading correctly, and if its not showing up as a request in fiddler, it must be an error like the about:blank one iframe src you mentioned ... If the fire is out for now, hopefully someone can come up with a better explanation tommorow. Sam On 3/20/06, Sol Kindle <kindsol <at>> wrote:
Thank you for the reply. sam foster wrote:
How are you using Dojo?
My current deployment is only using the xmphttp layer for AJAX communication. I have replaced the "kitchen sink" version of dojo and the problem has gone away (with this workaround I can finally go home for the night!) It seems like just including the dojo.js "kitchen sink" version exhibits the mixed content problem . I guess that I should probably try to reproduce this problem outside of my project.
Can you look at what requests are being made that are/are not over SSL?
Using "fiddler" all I could see were encrypted requests/responses.
Do you have the iframe_history.html where it should be?
I do not know about the iframe_history.html file. What is it for? Thanks again for your reply. -Sol
_______________________________________________ Dojo FAQ: Dojo-interest <at>
Original Message: 3/20/06, Sol Kindle <kindsol <at>> wrote: > Hey now. I'm a fairly green newbie here and I am getting a "This page > contains both secure and nonsecure items" security warning from my > webapp in IE. My urgent cry for help here is because my app has already > been deployed to production and I need to fix this thing tonight. > > I am using the latest "kitchen sink" toolkit release 0.2.2. If I remove > the inclusion of dojo.js the problem goes away. I found a similar issue > about this > ( > but by making the suggested change in dojo.js, my problem did not go away. > > Any suggestions on how to find this bug? Any more information that I > can provide?

Hello, World

Dojo FAQ:
Dojo-interest <at>