Thursday, March 15, 2007

Non-secure item in a webpage accessed through HTTPS

Just got a good article about handling the pop-up message box "This page contains non-secure items, would you like to display those items?" from Scott Yang's playground .

Here's an excerpt from the article:

At work, the web application that I’ve been developing has always had this problem over a secure SSL link. On certain pages, before the document is fully loaded, a dialog box will popup telling me that “This page contains non-secure items, would you like to display those items?”. Whether I choose ‘Yes’ or ‘No’ does not really make a difference, and the application can still be executed perfectly. However, this dialog box is really annoying to the point that many people in the office has turned off this checking in their Internet Explorer preferences.

Make Sure You Have SRC Attribute In Your IFRAME!
We have quite a few IFRAME tags in our code, either pre-generated or appended to the document using DOM. Many of them are pointing to a relative URL when they are created, however, some of them are just created as hidden place holders. They are used in DHTML to replace some DIV code because DIV does hover well above the editing widgets. They are created without a SRC attribute, because their documents are created on the fly! Because the document does not have an URL, Internet Explorer gets confused and thus yield a warning on displaying non-secure items.
It ends up as an easy fix - just create thus IFRAME’s with SRC pointing to a dummy page using a relative URL.

No comments: