ICEfaces-EE
  1. ICEfaces-EE
  2. IPCK-451

<ice-cc:slider/> + SSL causes non-secure content to be loaded

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: EE-1.8.2.GA_P05
    • Fix Version/s: EE-1.8.2.GA_P07
    • Component/s: Facelet Components
    • Labels:
      None
    • Environment:
      IE9, SSL
    • Assignee Priority:
      P1
    • Salesforce Case Reference:

      Description

      The <ice-cc:slider/> composite component is implemented with the YUI library. The generated HTML includes JS from Yahoo CDN (yui.yahooapi.com). When viewed with IE9 + SSL, a security warning prompt appears indicating that non-secure content is being loaded.

      The icefaces-enterprise-comps-showcase.war can be used to reproduce the issue. Setting up SSL with Tomcat requires the following:

      1. $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA

      This command will create a new file, in the home directory of the user under which you run it, named ".keystore". To specify a different location or filename, add the -keystore parameter, followed by the complete pathname to your keystore file, to the keytool command shown above.

      2. Uncomment the following in Tomcat's server.xml and also add the SSL specific attributes:

      <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                     maxThreads="150" scheme="https" secure="true"
                     keystoreFile="/Users/apple/.keystore" keystorePass="changeit"
                     clientAuth="false" sslProtocol="TLS" />
      1. ipck-451-IE8.png
        106 kB
      2. ipck-451-IE7.png
        53 kB
      3. ipck-451-IE6.png
        20 kB

        Activity

        Hide
        Philip Breau added a comment -

        All content for the slider now served from local, relative paths, which will be transparent for SSL configurations.

        Revision: 34943
        Author: philip.breau
        Date: July-16-13 2:32:43 PM
        Message:
        IPCK-451 <ice-cc:slider/> + SSL causes non-secure content to be loaded


        Modified : /icepack/trunk/icepack/composite-components/conf/faces-config.xml
        Modified : /icepack/trunk/icepack/composite-components/resources/css/common.css
        Added : /icepack/trunk/icepack/composite-components/resources/images/slider
        Added : /icepack/trunk/icepack/composite-components/resources/images/slider/rail-x.png
        Added : /icepack/trunk/icepack/composite-components/resources/images/slider/rail-y.png
        Added : /icepack/trunk/icepack/composite-components/resources/images/slider/sprite.png
        Added : /icepack/trunk/icepack/composite-components/resources/images/slider/thumb-x.png
        Added : /icepack/trunk/icepack/composite-components/resources/js/slider.js
        Modified : /icepack/trunk/icepack/composite-components/web/slider/slider.xhtml
        Modified : /icepack/trunk/icepack/composite-components/web/theme/_inlineCSS.xhtml
        Modified : /icepack/trunk/icepack/samples/composite-comps-showcase/web/WEB-INF/includes/examples/composition-components/sliderDemo.jspx
        Added : /icepack/trunk/icepack/samples/composite-comps-showcase/web/images/icefaces-thumb.png

        Show
        Philip Breau added a comment - All content for the slider now served from local, relative paths, which will be transparent for SSL configurations. Revision: 34943 Author: philip.breau Date: July-16-13 2:32:43 PM Message: IPCK-451 <ice-cc:slider/> + SSL causes non-secure content to be loaded Modified : /icepack/trunk/icepack/composite-components/conf/faces-config.xml Modified : /icepack/trunk/icepack/composite-components/resources/css/common.css Added : /icepack/trunk/icepack/composite-components/resources/images/slider Added : /icepack/trunk/icepack/composite-components/resources/images/slider/rail-x.png Added : /icepack/trunk/icepack/composite-components/resources/images/slider/rail-y.png Added : /icepack/trunk/icepack/composite-components/resources/images/slider/sprite.png Added : /icepack/trunk/icepack/composite-components/resources/images/slider/thumb-x.png Added : /icepack/trunk/icepack/composite-components/resources/js/slider.js Modified : /icepack/trunk/icepack/composite-components/web/slider/slider.xhtml Modified : /icepack/trunk/icepack/composite-components/web/theme/_inlineCSS.xhtml Modified : /icepack/trunk/icepack/samples/composite-comps-showcase/web/WEB-INF/includes/examples/composition-components/sliderDemo.jspx Added : /icepack/trunk/icepack/samples/composite-comps-showcase/web/images/icefaces-thumb.png
        Hide
        Carmen Cristurean added a comment -

        Verified fix with the icefaces-enterprise-comps-showcase application from the ICEfacesEE-1.8.2.GA_P07-bin.zip binary bundle on iceads1/Public/icefaces-ee.

        Test passes in Firefox 21, Chrome27, and IE10; and it fails in IE6, IE7, IE8, and IE9. All these failures are not SSL specific.

        IE6: ice-cc:slider component fails to render on demo page (screen shot ipck-IE6.png).

        IE7: a JS error occurs on demo page load (screen shot ipck-ie7.png), if clicking 'ok' on it the component fails to render.

        IE8: also a JS error on page load (screen shot ipck-ie8.png), the error is:

        Message: 'undefined' is null or not an object
        Line: 220
        Char: 309
        Code: 0
        URI: https://10.18.39.180:8443/icefaces-enterprise-comps-showcase/block/resource/LTk0MDYyNjI5OA==/

        Closing the JS error popup, the component is rendered but cannot be dragged because of other JS errors.

        IE9: the demo page renders without any security warnings or JS errors, but dragging the sliders fails to update the values on the page, and the sliders can be dragged far outside of their limits.

        Show
        Carmen Cristurean added a comment - Verified fix with the icefaces-enterprise-comps-showcase application from the ICEfacesEE-1.8.2.GA_P07-bin.zip binary bundle on iceads1/Public/icefaces-ee. Test passes in Firefox 21, Chrome27, and IE10; and it fails in IE6, IE7, IE8, and IE9. All these failures are not SSL specific. IE6: ice-cc:slider component fails to render on demo page (screen shot ipck-IE6.png). IE7: a JS error occurs on demo page load (screen shot ipck-ie7.png), if clicking 'ok' on it the component fails to render. IE8: also a JS error on page load (screen shot ipck-ie8.png), the error is: Message: 'undefined' is null or not an object Line: 220 Char: 309 Code: 0 URI: https://10.18.39.180:8443/icefaces-enterprise-comps-showcase/block/resource/LTk0MDYyNjI5OA==/ Closing the JS error popup, the component is rendered but cannot be dragged because of other JS errors. IE9: the demo page renders without any security warnings or JS errors, but dragging the sliders fails to update the values on the page, and the sliders can be dragged far outside of their limits.
        Hide
        Philip Breau added a comment -

        Backported YUI slider version to 3.0 from 3.1 and retested IE.

        Revision: 34987
        Author: philip.breau
        Date: July-22-13 4:14:19 PM
        Message:
        IPCK-451 <ice-cc:slider/> + SSL causes non-secure content to be loaded


        Modified : /icepack/trunk/icepack/composite-components/resources/css/common.css
        Modified : /icepack/trunk/icepack/composite-components/resources/js/slider.js
        Modified : /icepack/trunk/icepack/composite-components/web/slider/slider.xhtml
        Modified : /icepack/trunk/icepack/composite-components/web/theme/_inlineCSS.xhtml

        Show
        Philip Breau added a comment - Backported YUI slider version to 3.0 from 3.1 and retested IE. Revision: 34987 Author: philip.breau Date: July-22-13 4:14:19 PM Message: IPCK-451 <ice-cc:slider/> + SSL causes non-secure content to be loaded Modified : /icepack/trunk/icepack/composite-components/resources/css/common.css Modified : /icepack/trunk/icepack/composite-components/resources/js/slider.js Modified : /icepack/trunk/icepack/composite-components/web/slider/slider.xhtml Modified : /icepack/trunk/icepack/composite-components/web/theme/_inlineCSS.xhtml
        Hide
        Carmen Cristurean added a comment - - edited

        Confirmed as fixed with ICEfaces 1.8.2.GA_Build7/Build8 in IE6/7/8/10/FF17/FF21/Chrome27.

        Show
        Carmen Cristurean added a comment - - edited Confirmed as fixed with ICEfaces 1.8.2.GA_Build7/Build8 in IE6/7/8/10/FF17/FF21/Chrome27.

          People

          • Assignee:
            Philip Breau
            Reporter:
            Tyler Johnson
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: