Features Download
From: Sol Kindle <kindsol <at> hotpop.com>
Subject: Re: Mixed Content Bug -- SOLUTION!
Newsgroups: gmane.comp.web.dojo.user
Date: Wednesday 22nd March 2006 01:20:29 UTC (over 10 years ago)
It looks like I found the culprit.  It is line 79 in 
dojo/src/storage/browser.js which links to a macromedia shockwave site. 
This line:


will cause a Mixed-Content error in IE if the you are running on a 
secure server (https).  By modifying the line to:

..the problem goes away.

Attached is a bare bones html file that will reproduce the problem.  
Just by including dojo.js (0.2.2 Kitchen Sink version) in this file and 
placing it on a secure server, you should see the error reproduced in IE.

I have attempted to enter this bug into Dojo's bugtracker.  The defect 
number is #550.
As this is my first bug report, please let me know if I did anything wrong



sam foster wrote:
> iframe_history.html should be in the dojo root - right alongside
> dojo.js. It has a role to play in the undo / history functionality,
> and that's about all I can tell you - but I'm guessing it wouldnt be
> too hard to trigger inadvertently if you've been starting with code
> from demos etc. I'm fumbling around, but those mixed content errors
> mean something somewhere isnt loading correctly, and if its not
> showing up as a request in fiddler, it must be an error like the
> about:blank one iframe src you mentioned ... If the fire is out for
> now, hopefully someone can come up with a better explanation tommorow.
> Sam
> On 3/20/06, Sol Kindle  wrote:
>> Thank you for the reply.
>> sam foster wrote:
>>> How are you using Dojo?
>> My current deployment is only using the xmphttp layer for AJAX
>> communication.  I have replaced the "kitchen sink" version of dojo and
>> the problem has gone away (with this workaround I can finally go home
>> for the night!)
>> It seems like just including the dojo.js "kitchen sink" version exhibits
>> the mixed content problem .
>> I guess that I should probably try to reproduce this problem outside of
>> my project.
>>> Can you look at what requests are being made that are/are not over SSL?
>> Using "fiddler" all I could see were encrypted requests/responses.
>>> Do you have the iframe_history.html where it should be?
>> I do not know about the iframe_history.html file.  What is it for?
>> Thanks again for your reply.
>> -Sol
> _______________________________________________
> Dojo FAQ: http://dojo.jot.com/FAQ
> [email protected]
> http://dojotoolkit.org/mailman/listinfo/dojo-interest
Original Message: 3/20/06, Sol Kindle  wrote:

> Hey now.  I'm a fairly green newbie here and I am getting a "This page
> contains both secure and nonsecure items" security warning from my
> webapp in IE.  My urgent cry for help here is because my app has already
> been deployed to production and I need to fix this thing tonight.
> I am using the latest "kitchen sink" toolkit release 0.2.2.  If I remove
> the inclusion of dojo.js the problem goes away.  I found a similar issue
> about this
> (http://dojotoolkit.org/pipermail/dojo-checkins/2006-February/004104.html)
> but by making the suggested change in dojo.js, my problem did not go
> Any suggestions on how to find this bug?  Any more information that I
> can provide?
CD: 3ms