page contains both secure and nonsecure items When setting locationin IE6

Howdy All,

I'm fighting with IE on a secure site where I am trying to set the
location of a frame from within javascript using code similar to this.

sHref = "DocumentViewPDF.asp?DocumentType=<%=sDocumentType
%>&Instrument=" + sInstrument;
objFrameImage = window.top.frames['fraImage'];
objFrameImage.location = sHref;

IE 6 throws up this message that says "This page contains both secure
and nonsecure items.". None of the other browsers seem to have this
problem including IE7. Is there a way to fix this?

Thanks

dbl

DBLWizard wrote:

Quote:

I'm fighting with IE on a secure site where I am trying to set the
location of a frame from within javascript using code similar to this.

sHref = "DocumentViewPDF.asp?DocumentType=<%=sDocumentType
%>&Instrument=" + sInstrument;
objFrameImage = window.top.frames['fraImage'];
objFrameImage.location = sHref;

IE 6 throws up this message that says "This page contains both secure
and nonsecure items.". None of the other browsers seem to have this
problem including IE7. Is there a way to fix this?

Short answer: It's not a J(ava)Script problem. And it's not a bug, it's a
feature.

Long answer:

Probably the server-side ASP script, triggered with the client-side
assignment here, redirects to a non-SSL HTTP resource, inevitably
establishing another, insecure (i.e. unencrypted and unauthenticated) HTTP
connection, which IE/MSHTML warns you about.

While you could simply disable the setting that triggers this behavior (in
Internet Options, Security or Advanced tab), the only way to prevent the
message from appearing reliably in all clients is not do to that, and to
perform server-side URL rewrite (proxying) instead.

How that can be done depends on your server and is off-topic here, on-topic
e.g. in comp.infosystems.www.servers.* instead.


PointedEars
--
var bugRiddenCrashPronePieceOfJunk = (
navigator.userAgent.indexOf('MSIE 5') != -1
&& navigator.userAgent.indexOf('Mac') != -1
) // Plone, register_function.js:16

On Jun 27, 4:19 pm, Thomas 'PointedEars' Lahn <PointedE... (AT) web (DOT) de>
wrote:

Quote:

DBLWizard wrote:
I'm fighting with IE on a secure site where I am trying to set the
location of a frame from within javascript using code similar to this.

sHref = "DocumentViewPDF.asp?DocumentType=<%=sDocumentType
%>&Instrument=" + sInstrument;
objFrameImage = window.top.frames['fraImage'];
objFrameImage.location = sHref;

IE 6 throws up this message that says "This page contains both secure
and nonsecure items.". None of the other browsers seem to have this
problem including IE7. Is there a way to fix this?

Short answer: It's not a J(ava)Script problem. And it's not a bug, it's a
feature.

Long answer:

Probably the server-side ASP script, triggered with the client-side
assignment here, redirects to a non-SSL HTTP resource, inevitably
establishing another, insecure (i.e. unencrypted and unauthenticated) HTTP
connection, which IE/MSHTML warns you about.

While you could simply disable the setting that triggers this behavior (in
Internet Options, Security or Advanced tab), the only way to prevent the
message from appearing reliably in all clients is not do to that, and to
perform server-side URL rewrite (proxying) instead.

How that can be done depends on your server and is off-topic here, on-topic
e.g. in comp.infosystems.www.servers.*instead.

PointedEars
--
var bugRiddenCrashPronePieceOfJunk = (
navigator.userAgent.indexOf('MSIE 5') != -1
&& navigator.userAgent.indexOf('Mac') != -1
) // Plone, register_function.js:16

Thomas,

To claify this is on a site with an SSL certificate and I never
declared it as a bug, only that I wanted to bypass it somehow. The
DocumentView.asp streams a pdf down to the page and no where no how am
I directing to a non SSL resouce. I have even tried putthing the
absolute https://sitename/DocumentView.asp on the location and that
doesn't change it.

Thanks

dbl

DBLWizard wrote:

Quote:

Thomas 'PointedEars' Lahn wrote:
DBLWizard wrote:
I'm fighting with IE on a secure site where I am trying to set the
location of a frame from within javascript using code similar to this.
sHref = "DocumentViewPDF.asp?DocumentType=<%=sDocumentType
%>&Instrument=" + sInstrument;
objFrameImage = window.top.frames['fraImage'];
objFrameImage.location = sHref;
IE 6 throws up this message that says "This page contains both secure
and nonsecure items.". None of the other browsers seem to have this
problem including IE7. Is there a way to fix this?
Short answer: It's not a J(ava)Script problem. And it's not a bug, it's a
feature.

Long answer:

Probably the server-side ASP script, triggered with the client-side
assignment here, redirects to a non-SSL HTTP resource, inevitably
establishing another, insecure (i.e. unencrypted and unauthenticated) HTTP
connection, which IE/MSHTML warns you about.

While you could simply disable the setting that triggers this behavior (in
Internet Options, Security or Advanced tab), the only way to prevent the
message from appearing reliably in all clients is not do to that, and to
perform server-side URL rewrite (proxying) instead.

How that can be done depends on your server and is off-topic here, on-topic
e.g. in comp.infosystems.www.servers.*instead.
[...]

[...]
To claify this is on a site with an SSL certificate and I never
declared it as a bug,

You implied that it was a problem *of* IE, i.e. a bug. It's not.

Quote:

only that I wanted to bypass it somehow.

Why would you want to bypass a Good Thing?

Quote:

The DocumentView.asp streams a pdf down to the page and no where no how
am I directing to a non SSL resouce. I have even tried putthing the
absolute https://sitename/DocumentView.asp on the location and that
doesn't change it.

No surprise here because it matters what ASP does, not how it is invoked.

Again, it's most certainly _not_ a problem with your posted script code (a
quick test with <a href="..." target="fraImage">foo</a> probably shows).
(But then, alas you posted only "similar" code.)

So unless you have a server-side JScript script in ASP here that you need
help about, your problem is *off-topic* here. But even then a newsgroup or
forum dedicated to ASP (.NET) would be a better choice, as the ASP experts
are *there*.

In order to have a chance to receive further helpful replies here and
*elsewhere*, I strongly suggest you learn how to post properly in Usenet:

<http://www.jibbering.com/faq/#FAQ2_3>


PointedEars
--
var bugRiddenCrashPronePieceOfJunk = (
navigator.userAgent.indexOf('MSIE 5') != -1
&& navigator.userAgent.indexOf('Mac') != -1
) // Plone, register_function.js:16

Ok I'm not sure if your dense or what. This is a clientside problem
not a server side problem. This is running in a onload of one page
that is in an adjacent frame. The code I have presented here is
EXACTLY the code that is causing the problem. I'm not trying to GET
AROUND anything. I am trying to figure out why IE6 is the only
browser that seems to have a problem with this code. Yes I implied it
is an problem in IE. And as I am not connecting to an unsecured
resouce I guess I would it is presenting false information to user.

Let me give you another example of a similar "problem". IE6 gives the
same message with the following code:

function showImage(sredirection){
{
var newwin = window.open("", "",
"toolbar=0,location=0,directories=0,status=1,menub ar=0,scrollbars=0,resizable=0,maximized=1")
newwin.location.href = "DocumentView.asp" + sredirection
newwin.focus();
}

But does not when the code looks like this:

function showImage(sredirection){
{
var newwin = window.open("DocumentView.asp" + sredirection, "",
"toolbar=0,location=0,directories=0,status=1,menub ar=0,scrollbars=0,resizable=0,maximized=1")
newwin.focus();
}

Now I don't know if you call that a bug or not. But its inconsistent
at the least.
Another example is if you initialize a frame with no source like this
IE 6 throws up a message about secure and unsecure information on the
same page:

<frame scrolling="no" name="fraImage" src="">

But if you create a "blank" html page as a place holder it is ok.

<frame scrolling="no" name="fraImage" src="blank.htm">

Again, I'm not trying to deceive the user. I believe i am getting
this message erroneously and want to find someway as in the above
examples to get the message to go away.

On Jun 28, 4:16 am, Thomas 'PointedEars' Lahn <PointedE... (AT) web (DOT) de>
wrote:

Quote:

DBLWizard wrote:
Thomas 'PointedEars' Lahn wrote:
DBLWizard wrote:
I'm fighting with IE on a secure site where I am trying to set the
location of a frame from within javascript using code similar to this.
sHref = "DocumentViewPDF.asp?DocumentType=<%=sDocumentType
%>&Instrument=" + sInstrument;
objFrameImage = window.top.frames['fraImage'];
objFrameImage.location = sHref;
IE 6 throws up this message that says "This page contains both secure
and nonsecure items.". None of the other browsers seem to have this
problem including IE7. Is there a way to fix this?
Short answer: It's not a J(ava)Script problem. And it's not a bug, it's a
feature.

Long answer:

Probably the server-side ASP script, triggered with the client-side
assignment here, redirects to a non-SSL HTTP resource, inevitably
establishing another, insecure (i.e. unencrypted and unauthenticated) HTTP
connection, which IE/MSHTML warns you about.

While you could simply disable the setting that triggers this behavior (in
Internet Options, Security or Advanced tab), the only way to prevent the
message from appearing reliably in all clients is not do to that, and to
perform server-side URL rewrite (proxying) instead.

How that can be done depends on your server and is off-topic here, on-topic
e.g. in comp.infosystems.www.servers.*instead.
[...]

[...]
To claify this is on a site with an SSL certificate and I never
declared it as a bug,

You implied that it was a problem *of* IE, i.e. a bug. It's not.

only that I wanted to bypass it somehow.

Why would you want to bypass a Good Thing?

The DocumentView.asp streams a pdf down to the page and no where no how
am I directing to a non SSL resouce. I have even tried putthing the
absolutehttps://sitename/DocumentView.aspon the location and that
doesn't change it.

No surprise here because it matters what ASP does, not how it is invoked.

Again, it's most certainly _not_ a problem with your posted script code (a
quick test with <a href="..." target="fraImage">foo</a> probably shows).
(But then, alas you posted only "similar" code.)

So unless you have a server-side JScript script in ASP here that you need
help about, your problem is *off-topic* here. But even then a newsgroup or
forum dedicated to ASP (.NET) would be a better choice, as the ASP experts
are *there*.

In order to have a chance to receive further helpful replies here and
*elsewhere*, I strongly suggest you learn how to post properly in Usenet:

http://www.jibbering.com/faq/#FAQ2_3

PointedEars
--
var bugRiddenCrashPronePieceOfJunk = (
navigator.userAgent.indexOf('MSIE 5') != -1
&& navigator.userAgent.indexOf('Mac') != -1
) // Plone, register_function.js:16

Ok,

I have further diagnosed the problem. It's not client side as I
originally suspected. So to Thomas I owe an apology. But your
attitude that I was trying to do something wrong or sneek something by
the user really irritated me. As you can see from the post below I'm
not. It has something to do with the streamed PDF ... so I post this
information to show where the problem was but also to acknowledge
that this forum is not the appropriate location to search a result.

The DocumentView.PDF page streamed down a PDF to the requesting
browser, when I remove that code and simply render HTML there is not a
problem. Here is what the DocumentViewPDF page looks
like:
<%
Dim objPDF
Dim sDocumentType
Dim sInstrument

sDocumentType = Request.QueryString("DocumentType") & ""
sInstrument = Request.QueryString("Instrument") & ""

If Len(sDocumentType) > 0 AND Len(sInstrument) > 0 Then
Set objPDF = Server.CreateObject("LEImage.clsPXCPDF")
Response.ContentType = "application/pdf"

Response.AddHeader "Content-disposition", _
"inline; filename=" + StripOutPage(sInstrument) + "_doc.pdf"
Response.BinaryWrite objPDF.GetDocumentPDF(sDocumentType,
sInstrument, "")

Set objPDF = Nothing
Response.End
Else
Response.Write "Invalid querystring parameters!
<br>sDocumentType:" & sDocumentType & "**<br/>" & _
"sInstrument:" & sInstrument & "**"
Response.End
End If
%>

Thanks dbl


On Jun 28, 1:55 pm, DBLWizard <ibflyfis... (AT) yahoo (DOT) com> wrote:

Quote:

Ok I'm not sure if your dense or what. This is a clientside problem
not a server side problem. This is running in a onload of one page
that is in an adjacent frame. The code I have presented here is
EXACTLY the code that is causing the problem. I'm not trying to GET
AROUND anything. I am trying to figure out why IE6 is the only
browser that seems to have a problem with this code. Yes I implied it
is an problem in IE. And as I am not connecting to an unsecured
resouce I guess I would it is presenting false information to user.

Let me give you another example of a similar "problem". IE6 gives the
same message with the following code:

function showImage(sredirection){
{
var newwin = window.open("", "",
"toolbar=0,location=0,directories=0,status=1,menub ar=0,scrollbars=0,resizable=0,maximized=1")
newwin.location.href = "DocumentView.asp" + sredirection
newwin.focus();

}

But does not when the code looks like this:

function showImage(sredirection){
{
var newwin = window.open("DocumentView.asp" + sredirection, "",
"toolbar=0,location=0,directories=0,status=1,menub ar=0,scrollbars=0,resizable=0,maximized=1")
newwin.focus();

}

Now I don't know if you call that a bug or not. But its inconsistent
at the least.
Another example is if you initialize a frame with no source like this
IE 6 throws up a message about secure and unsecure information on the
same page:

frame scrolling="no" name="fraImage" src=""

But if you create a "blank" html page as a place holder it is ok.

frame scrolling="no" name="fraImage" src="blank.htm"

Again, I'm not trying to deceive the user. I believe i am getting
this message erroneously and want to find someway as in the above
examples to get the message to go away.

On Jun 28, 4:16 am, Thomas 'PointedEars' Lahn <PointedE... (AT) web (DOT) de
wrote:

DBLWizard wrote:
Thomas 'PointedEars' Lahn wrote:
DBLWizard wrote:
I'm fighting with IE on a secure site where I am trying to set the
location of a frame from within javascript using code similar to this.
sHref = "DocumentViewPDF.asp?DocumentType=<%=sDocumentType
%>&Instrument=" + sInstrument;
objFrameImage = window.top.frames['fraImage'];
objFrameImage.location = sHref;
IE 6 throws up this message that says "This page contains both secure
and nonsecure items.". None of the other browsers seem to have this
problem including IE7. Is there a way to fix this?
Short answer: It's not a J(ava)Script problem. And it's not a bug, it's a
feature.

Long answer:

Probably the server-side ASP script, triggered with the client-side
assignment here, redirects to a non-SSL HTTP resource, inevitably
establishing another, insecure (i.e. unencrypted and unauthenticated) HTTP
connection, which IE/MSHTML warns you about.

While you could simply disable the setting that triggers this behavior (in
Internet Options, Security or Advanced tab), the only way to prevent the
message from appearing reliably in all clients is not do to that, and to
perform server-side URL rewrite (proxying) instead.

How that can be done depends on your server and is off-topic here, on-topic
e.g. in comp.infosystems.www.servers.*instead.
[...]

[...]
To claify this is on a site with an SSL certificate and I never
declared it as a bug,

You implied that it was a problem *of* IE, i.e. a bug. It's not.

only that I wanted to bypass it somehow.

Why would you want to bypass a Good Thing?

The DocumentView.asp streams a pdf down to the page and no where no how
am I directing to a non SSL resouce. I have even tried putthing the
absolutehttps://sitename/DocumentView.asponthe location and that
doesn't change it.

No surprise here because it matters what ASP does, not how it is invoked.

Again, it's most certainly _not_ a problem with your posted script code (a
quick test with <a href="..." target="fraImage">foo</a> probably shows).
(But then, alas you posted only "similar" code.)

So unless you have a server-side JScript script in ASP here that you need
help about, your problem is *off-topic* here. But even then a newsgroup or
forum dedicated to ASP (.NET) would be a better choice, as the ASP experts
are *there*.

In order to have a chance to receive further helpful replies here and
*elsewhere*, I strongly suggest you learn how to post properly in Usenet:

http://www.jibbering.com/faq/#FAQ2_3

PointedEars
--
var bugRiddenCrashPronePieceOfJunk = (
navigator.userAgent.indexOf('MSIE 5') != -1
&& navigator.userAgent.indexOf('Mac') != -1
) // Plone, register_function.js:16

DBLWizard wrote:

Quote:

I have further diagnosed the problem. It's not client side as I
originally suspected.

I have said that right from the start, have I not? I am really not the one
beating the already grounded, but had you properly read and followed my
advice in the first place you could have spared yourself and this group a
lot of trouble.

Quote:

So to Thomas I owe an apology.

Please do.

Quote:

But your attitude that I was trying to do something wrong > or sneek something by the user really irritated me.

I never implied any of that! I merely said it was not a bug, i.e. not a
problem of the user agent but of the underlying programming of the Web
application. You really should read less into postings.

Quote:

[top post of a top post]

And finally learn to quote.

<http://jibbering.com/faq/>


Score adjusted

PointedEars
--
Prototype.js was written by people who don't know javascript for people
who don't know javascript. People who don't know javascript are not
the best source of advice on designing systems that use javascript.
-- Richard Cornford, cljs, <f806at$ail$1$8300dec7 (AT) news (DOT) demon.co.uk>