ICEfaces
  1. ICEfaces
  2. ICE-2553

In https environment under Liferay 4.3.4 portlets display "non secure content found" warning in IE6

          Details

          • Type: Bug Bug
          • Status: Closed
          • Priority: Major Major
          • Resolution: Fixed
          • Affects Version/s: 1.7DR#3
          • Fix Version/s: 1.7RC1, 1.7
          • Component/s: None
          • Labels:
            None
          • Environment:
            Liferay 4.3.4, JSF RI 1.2 , Jboss 4.2.1
          • ICEsoft Forum Reference:
          • Workaround Exists:
            Yes
          • Workaround Description:
             I investigated this issue a little and Changet src attribute of history-frame from about:blank to javascript:void(0) and everything worked fine. I suggest to apply this fix in DOMResponseWriter.

            Description

            Hello,
            I faced small problem in Icefaces (1.7.0-DR3). I'm trying to run portlet application (Liferay-4.3.4) and get "Non secure content" alert in IE6.

              Activity

              Ascending order - Click to sort in descending order
              Dmitry Kudryavtsev created issue -
              Hide
              Permalink
              Dmitry Kudryavtsev added a comment -

              javascript:void() doesn't help. I've added the same behaviour for PortletRequest as for HttpServletRequest in DOMResponseWriter.enhanceBody() to test and everything worked fine

              Show
              Dmitry Kudryavtsev added a comment - javascript:void() doesn't help. I've added the same behaviour for PortletRequest as for HttpServletRequest in DOMResponseWriter.enhanceBody() to test and everything worked fine
              Hide
              Permalink
              Ken Fyten added a comment -

              Please review this, I think it's a duplicate of the ones you've already fixed for Beta1. Please Close it as a duplicate if it is.

              Show
              Ken Fyten added a comment - Please review this, I think it's a duplicate of the ones you've already fixed for Beta1. Please Close it as a duplicate if it is.
              Ken Fyten made changes -
              Field Original Value New Value
              Assignee Yip Ng [ yip.ng ]
              Hide
              Permalink
              Dmitry Kudryavtsev added a comment -

              I've checked out the code from SVN and I looked into source of DOMResponseWriter. It appears to be that in the code below under portlet environment else block is executed and source of IFrame is about:blank which produces this Non-secure content warning in IE. I think that bug is still present. It works in Servlet environment, but not in Portlet environment.

              if (request instanceof HttpServletRequest) {
              HttpServletRequest httpRequest = (HttpServletRequest) request;
              if (httpRequest.getRequestURI() == null)

              { frameURI = "about:blank"; }

              else

              { frameURI = CoreUtils.resolveResourceURL(FacesContext.getCurrentInstance(), "/xmlhttp/blank"); }


              } else

              { frameURI = "about:blank"; }

              Show
              Dmitry Kudryavtsev added a comment - I've checked out the code from SVN and I looked into source of DOMResponseWriter. It appears to be that in the code below under portlet environment else block is executed and source of IFrame is about:blank which produces this Non-secure content warning in IE. I think that bug is still present. It works in Servlet environment, but not in Portlet environment. if (request instanceof HttpServletRequest) { HttpServletRequest httpRequest = (HttpServletRequest) request; if (httpRequest.getRequestURI() == null) { frameURI = "about:blank"; } else { frameURI = CoreUtils.resolveResourceURL(FacesContext.getCurrentInstance(), "/xmlhttp/blank"); } } else { frameURI = "about:blank"; }
              Ken Fyten made changes -
              Fix Version/s 1.7 [ 10080 ]
              Assignee Priority P2
              Repository Revision Date User Message
              ICEsoft Public SVN Repository #15820 Tue Feb 19 17:39:54 MST 2008 yip.ng ICE-2553
              Changed src of iframe from about:blank to a dummy HTML page to avoid security warning from IE in HTTPS.
              Files Changed
              Commit graph MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/context/DOMResponseWriter.java
              Hide
              Permalink
              yip.ng added a comment -

              Screenshot showing the fix. No secruity warning occurred anymore.

              Show
              yip.ng added a comment - Screenshot showing the fix. No secruity warning occurred anymore.
              yip.ng made changes -
              Attachment screenshot-1.jpg [ 10833 ]
              yip.ng made changes -
              Status Open [ 1 ] Resolved [ 5 ]
              Resolution Fixed [ 1 ]
              Ken Fyten made changes -
              Fix Version/s 1.7RC1 [ 10123 ]
              Fix Version/s 1.7 [ 10080 ]
              Hide
              Permalink
              Stefan Baader added a comment -

              Yes, please fix this urgently. In companies like ours IE is used as standard and this is a show stopper.

              Show
              Stefan Baader added a comment - Yes, please fix this urgently. In companies like ours IE is used as standard and this is a show stopper.
              Ken Fyten made changes -
              Fix Version/s 1.7 [ 10080 ]
              Ken Fyten made changes -
              Status Resolved [ 5 ] Closed [ 6 ]
              Assignee Priority P2
              Assignee Yip Ng [ yip.ng ]

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  Dmitry Kudryavtsev
                • Votes:
                  8 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: