You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by hillj2 <Hi...@michigan.gov> on 2007/10/30 21:51:08 UTC
Security message when using popup dialog
I'm using wicket's popup dialog and it works just fine, but when deploy my
app to our test server, which sits behind a proxy using SSL, I get a
security message from IE saying "This page contains both secure and
nonsecure items" whenever I open the popup. I've traced it to a 404 error
which is returning from a request to SERVLET_PATH/://0. I have no idea
where this request is coming from or what resource "://0" is supposed to
refer to. This request doesn't appear to get made when I run it on my local
machine (of course I'm not using SSL, but I also don't ever see this request
get made to my local webserver).
Any idea what this path is supposed to be or where it's getting called from?
This is wicket 1.3 beta2.
Thanks.
Joel
--
View this message in context: http://www.nabble.com/Security-message-when-using-popup-dialog-tf4720449.html#a13494917
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Security message when using popup dialog
Posted by hillj2 <Hi...@michigan.gov>.
Martijn Dashorst wrote:
>
> look in the source of the page, and possibly try to capture the
> headers. This will help us in discovering what goes wrong.
>
Haven't been able to find anything in the source referencing this bizarre
address. Of course 'View Source' doesn't keep up with dynamic changes made
to the HTML document.
Here is the request header that I think is causing the problem:
GET /dch-apps/mcir/wicket/://0 HTTP/1.1
Accept: */*
Referer:
https://localhost:7000/dch-apps/mcir/wicket/;jsessionid=cc1740a122b817d48694251b4c9ebfa7f4cb98e303e4?wicket:interface=modal-dialog-pagemap:0::::
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR
1.1.4322)
Host: localhost:7000
Connection: Keep-Alive
Cookie: PD-S-SESSION-ID=2_3Up0h124Sdjoiwp2xtcs6noIRVFNPvCGgyexh+nKYigzh-Xr;
AMWEBJCT!%2Fsom!JSESSIONID=000086sQ6Yf_BcJ3mqzjMZdxO1g:-1;
PD_STATEFUL_e7b6e27e-0ebe-11dc-b6c7-cc17401eaa77=%2Fsom; IV_JCT=%2Fdch-apps;
AMWEBJCT!%2Fdch-apps!JSESSIONID=cc1740a122b817d48694251b4c9ebfa7f4cb98e303e4
And here is the corresponding response:
HTTP/1.1 404 Not Found
content-type: text/html
date: Wed, 31 Oct 2007 12:53:18 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: Oracle Containers for J2EE
x-old-content-length: 148
transfer-encoding: chunked
94
<HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>404 Not
Found</H1>Resource /dch-apps/mcir/wicket/:/0 not found on this
server</BODY></HTML>
0
Don't let the "localhost:7000" throw you. That's just because I'm routing
the request through a program which allows me to capture to request/response
headers. It doesn't appear that this same request is being made in FF
though.
Martijn Dashorst wrote:
>
> And please check if you have images without a src attribute or an
> empty src attribute. That seems to cause problems too (though possibly
> not this one).
>
No image tags to check in this case. Aside from the images used by the
wicket popup, there's only one image on the page at all and it's added via
css. We're not really allowed to use graphics in this app (boring).
Thanks for the help.
Joel
--
View this message in context: http://www.nabble.com/Security-message-when-using-popup-dialog-tf4720449.html#a13509156
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Security message when using popup dialog
Posted by Martijn Dashorst <ma...@gmail.com>.
look in the source of the page, and possibly try to capture the
headers. This will help us in discovering what goes wrong.
And please check if you have images without a src attribute or an
empty src attribute. That seems to cause problems too (though possibly
not this one).
Martijn
On 10/30/07, hillj2 <Hi...@michigan.gov> wrote:
>
> I'm using wicket's popup dialog and it works just fine, but when deploy my
> app to our test server, which sits behind a proxy using SSL, I get a
> security message from IE saying "This page contains both secure and
> nonsecure items" whenever I open the popup. I've traced it to a 404 error
> which is returning from a request to SERVLET_PATH/://0. I have no idea
> where this request is coming from or what resource "://0" is supposed to
> refer to. This request doesn't appear to get made when I run it on my local
> machine (of course I'm not using SSL, but I also don't ever see this request
> get made to my local webserver).
>
> Any idea what this path is supposed to be or where it's getting called from?
> This is wicket 1.3 beta2.
>
> Thanks.
>
> Joel
> --
> View this message in context: http://www.nabble.com/Security-message-when-using-popup-dialog-tf4720449.html#a13494917
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
--
Buy Wicket in Action: http://manning.com/dashorst
Apache Wicket 1.3.0-beta4 is released
Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.0-beta4/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org