Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 1.7DR#3
-
Component/s: None
-
Labels:None
-
Environment:Liferay 4.3.4, JSF RI 1.2 , Jboss 4.2.1
-
ICEsoft Forum Reference:
-
Workaround Exists:Yes
-
Workaround Description:I investigated this issue a little and Changet src attribute of history-frame from about:blank to javascript:void(0) and everything worked fine. I suggest to apply this fix in DOMResponseWriter.
Description
I faced small problem in Icefaces (1.7.0-DR3). I'm trying to run portlet application (Liferay-4.3.4) and get "Non secure content" alert in IE6.
Activity
- All
- Comments
- History
- Activity
- Remote Attachments
- Subversion
Please review this, I think it's a duplicate of the ones you've already fixed for Beta1. Please Close it as a duplicate if it is.
I've checked out the code from SVN and I looked into source of DOMResponseWriter. It appears to be that in the code below under portlet environment else block is executed and source of IFrame is about:blank which produces this Non-secure content warning in IE. I think that bug is still present. It works in Servlet environment, but not in Portlet environment.
if (request instanceof HttpServletRequest) {
HttpServletRequest httpRequest = (HttpServletRequest) request;
if (httpRequest.getRequestURI() == null)
else
{ frameURI = CoreUtils.resolveResourceURL(FacesContext.getCurrentInstance(), "/xmlhttp/blank"); }
} else
Screenshot showing the fix. No secruity warning occurred anymore.
Yes, please fix this urgently. In companies like ours IE is used as standard and this is a show stopper.
javascript:void() doesn't help. I've added the same behaviour for PortletRequest as for HttpServletRequest in DOMResponseWriter.enhanceBody() to test and everything worked fine