You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Simon Sew <si...@yahoo.com> on 2008/04/18 10:52:37 UTC
[S2] IE 7 - Secure and non-secure pop up message when using https
Hi,
I'm trying to create a simple ajax using struts2. The ajax is running fine.But I'm trying to fix this error message when using https server. The alert message is "This page contains both secure and nonsecure items.
Do you wish to display the nonsecure items?".
Here's my code.
<%@ page contentType="text/html; charset=UTF-8" %>
<%@ taglib prefix="s" uri="/struts-tags" %>
<%@ page import="java.util.Date,java.text.SimpleDateFormat" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<s:head theme="ajax" debug="false"/>
<body>
<form id="report_form" name="report_form" method="get">
<s:hidden name="rpt_main_cat_id" />
<s:hidden name="rpt_cat_id" />
<s:hidden name="rpt_cat_desc_id" />
<s:hidden name="rpt_hidden_date_from" />
<s:hidden name="rpt_hidden_date_to" />
<s:hidden name="rpt_hidden_dev_group" />
<s:hidden name="rpt_hidden_dev_ip" />
<s:hidden name="rpt_hidden_ip_class" />
</form>
<s:url id="report_dynamic" action="rpt" includeParams="none">
<s:param name="task">view_on_demand_report</s:param>
</s:url>
<s:div id="contentReport" href="%{report_dynamic}" autoStart="false" listenTopics="/refreshContent" formId="report_form" showErrorTransportText="false" theme="ajax">
</s:div>
</body>
</html>
Anyone knows what am I doing wrong here?
---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
Re: [S2] IE 7 - Secure and non-secure pop up message when using https
Posted by Jeromy Evans <je...@blueskyminds.com.au>.
Simon Sew wrote:
> Hi,
> Can you provide me with the link on how to upgrade the dojo toolkit.
> Cant find a page that is simple enough for me to understand.
>
> Thanks.
>
> P.S: Already post my problem to dojo mailing list. Hope I can get some answers.
>
Try this:
http://cwiki.apache.org/S2WIKI/creating-a-custom-dojo-profile-for-struts-20x.html
It may be less effort to build a quick Struts2.1 application to test if
Dojo 0.4.3 fixes it.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: [S2] IE 7 - Secure and non-secure pop up message when using https
Posted by Simon Sew <si...@yahoo.com>.
Hi,
Can you provide me with the link on how to upgrade the dojo toolkit.
Cant find a page that is simple enough for me to understand.
Thanks.
P.S: Already post my problem to dojo mailing list. Hope I can get some answers.
Jeromy Evans <je...@blueskyminds.com.au> wrote: Simon Sew wrote:
> Hi,
>
> I have pinpoint the problem to this remote div.. The code as below.
>
>
>
> autoStart="false" listenTopics="/refreshContent" formId="report_form"
>
> showErrorTransportText="false" theme="ajax">
> I tried change the iframe.js but to no avail.
> I tried using
> 1) https://
> 2) https://about:blank
> 3) javascript:false
> 4) "blank"
>
> I have even tried 2.0.11 which is the latest one. The bug still there.
> Is there a 2.1 version out there?
>
>
I know it's silly, but double-check that that the right versions of the
dojo files are being served up. IE aggressively caches them. Include an
alert to be sure. There has to be an HTTP request in there somewhere.
Yes, there is a Struts2.1 available. It's not GA though. It uses Dojo
0.4.3. The tags are much better than the 2.0 version but I don't know
if IE7 SSL is better supported.
http://struts.apache.org/2.x/docs/version-notes-211.html
Review the migration guide before proceeding as it could be some effort:
http://cwiki.apache.org/S2WIKI/troubleshooting-guide-migrating-from-struts-20x-to-21x.html
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
Re: [S2] IE 7 - Secure and non-secure pop up message when using https
Posted by Jeromy Evans <je...@blueskyminds.com.au>.
Simon Sew wrote:
> Hi,
>
> I have pinpoint the problem to this remote div.. The code as below.
>
>
> <s:div id="contentReport" href="%{report_dynamic}"
> autoStart="false" listenTopics="/refreshContent" formId="report_form"
>
> showErrorTransportText="false" theme="ajax">
> I tried change the iframe.js but to no avail.
> I tried using
> 1) https://
> 2) https://about:blank
> 3) javascript:false
> 4) "blank"
>
> I have even tried 2.0.11 which is the latest one. The bug still there.
> Is there a 2.1 version out there?
>
>
I know it's silly, but double-check that that the right versions of the
dojo files are being served up. IE aggressively caches them. Include an
alert to be sure. There has to be an HTTP request in there somewhere.
Yes, there is a Struts2.1 available. It's not GA though. It uses Dojo
0.4.3. The tags are much better than the 2.0 version but I don't know
if IE7 SSL is better supported.
http://struts.apache.org/2.x/docs/version-notes-211.html
Review the migration guide before proceeding as it could be some effort:
http://cwiki.apache.org/S2WIKI/troubleshooting-guide-migrating-from-struts-20x-to-21x.html
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: [S2] IE 7 - Secure and non-secure pop up message when using https
Posted by Simon Sew <si...@yahoo.com>.
Hi,
I have pinpoint the problem to this remote div.. The code as below.
<s:div id="contentReport" href="%{report_dynamic}"
autoStart="false" listenTopics="/refreshContent" formId="report_form"
showErrorTransportText="false" theme="ajax">
I tried change the iframe.js but to no avail.
I tried using
1) https://
2) https://about:blank
3) javascript:false
4) "blank"
I have even tried 2.0.11 which is the latest one. The bug still there.
Is there a 2.1 version out there?
Jeromy Evans <je...@blueskyminds.com.au> wrote: Simon Sew wrote:
> Hi Jeromy,
> The solutions provided doesn't work for me.
> I still have the pop up message.
>
> One more thing.
> I found out that struts2 dojo have some missing files.
> I used fidler to check :
>
> /struts/dojo/src/i18n/calendar/nls/en-us/gregorian.js
> /struts/dojo/src/i18n/calendar/nls/en/gregorianExtras.js
> /struts/dojo/src/i18n/calendar/nls/en-us/gregorianExtras.js
> /struts/dojo/src/widget/nls/en/TimePicker.js /struts/dojo/src/widget/nls/en-us/TimePicker.js
> /struts/dojo/src/widget/nls/en/DropdownTimePicker.js
> /struts/dojo/src/widget/nls/en-us/DropdownTimePicker.js
>
> Will this be the problem.
>
>
No, missing files won't cause the warning message. Those missing files
will prevent the DatePicker from working. That implies the custom dojo
profile didn't include the DatePicker.
The IE warning message is caused by dojo (or something else in the page)
loading a file via HTTP within an secure page. The patch I provided
fixed Dojo's use of one particular iframe (used with remote divs).
You'll need to isolate exactly which widget is causing the problem by
taking sections out of your page.
Also while debugging use the uncompressed dojo file. Rename the
compressed one to something else and substitute in the uncompressed
version. You can add breakpoints to find the precise cause.
I did have an application working in IE7 HTTPS using Struts 2.0.9 with
the following widgets: div, datepicker, timepicker, tabbedpanel
I stopped using Dojo when I needed asyc fileupload in HTTPS in IE7.
You may need to contact the Dojo user group to ask for more
information. You're using Dojo 0.4.0 though so they may just tell you
to upgrade.
Hope that helps. It's a difficult problem to solve.
regards,
Jeromy Evans
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
Re: [S2] IE 7 - Secure and non-secure pop up message when using https
Posted by Jeromy Evans <je...@blueskyminds.com.au>.
Simon Sew wrote:
> Hi Jeromy,
> The solutions provided doesn't work for me.
> I still have the pop up message.
>
> One more thing.
> I found out that struts2 dojo have some missing files.
> I used fidler to check :
>
> /struts/dojo/src/i18n/calendar/nls/en-us/gregorian.js
> /struts/dojo/src/i18n/calendar/nls/en/gregorianExtras.js
> /struts/dojo/src/i18n/calendar/nls/en-us/gregorianExtras.js
> /struts/dojo/src/widget/nls/en/TimePicker.js /struts/dojo/src/widget/nls/en-us/TimePicker.js
> /struts/dojo/src/widget/nls/en/DropdownTimePicker.js
> /struts/dojo/src/widget/nls/en-us/DropdownTimePicker.js
>
> Will this be the problem.
>
>
No, missing files won't cause the warning message. Those missing files
will prevent the DatePicker from working. That implies the custom dojo
profile didn't include the DatePicker.
The IE warning message is caused by dojo (or something else in the page)
loading a file via HTTP within an secure page. The patch I provided
fixed Dojo's use of one particular iframe (used with remote divs).
You'll need to isolate exactly which widget is causing the problem by
taking sections out of your page.
Also while debugging use the uncompressed dojo file. Rename the
compressed one to something else and substitute in the uncompressed
version. You can add breakpoints to find the precise cause.
I did have an application working in IE7 HTTPS using Struts 2.0.9 with
the following widgets: div, datepicker, timepicker, tabbedpanel
I stopped using Dojo when I needed asyc fileupload in HTTPS in IE7.
You may need to contact the Dojo user group to ask for more
information. You're using Dojo 0.4.0 though so they may just tell you
to upgrade.
Hope that helps. It's a difficult problem to solve.
regards,
Jeromy Evans
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: [S2] IE 7 - Secure and non-secure pop up message when using https
Posted by Simon Sew <si...@yahoo.com>.
Hi Jeromy,
The solutions provided doesn't work for me.
I still have the pop up message.
One more thing.
I found out that struts2 dojo have some missing files.
I used fidler to check :
/struts/dojo/src/i18n/calendar/nls/en-us/gregorian.js
/struts/dojo/src/i18n/calendar/nls/en/gregorianExtras.js
/struts/dojo/src/i18n/calendar/nls/en-us/gregorianExtras.js
/struts/dojo/src/widget/nls/en/TimePicker.js /struts/dojo/src/widget/nls/en-us/TimePicker.js
/struts/dojo/src/widget/nls/en/DropdownTimePicker.js
/struts/dojo/src/widget/nls/en-us/DropdownTimePicker.js
Will this be the problem.
I'm using struts2-core-2.0.9.jar
Jeromy Evans <je...@blueskyminds.com.au> wrote: Simon Sew wrote:
> Hi,
> I'm trying to create a simple ajax using struts2. The ajax is running fine.But I'm trying to fix this error message when using https server. The alert message is "This page contains both secure and nonsecure items.
>
> Do you wish to display the nonsecure items?".
> ...
>
>
>
>
>
>
>
> Anyone knows what am I doing wrong here?
>
>
Unfortunately it's a bug in dojo 0.4 [Ticket#2390]. You have no option
but to patch it manually or upgrade to a new version. It's possible
that it's fixed in Struts 2.1 (using Dojo0.4.3) but is definitely
present in Struts 2.0.x (Dojo 0.4.0).
I don't use Dojo any more, but remarkably I kept notes about how I
patched it. You will need to extract dojo, modify it and recompress
using the instructions at :
http://cwiki.apache.org/S2WIKI/creating-a-custom-dojo-profile-for-struts-20x.html
http://trac.dojotoolkit.org/ticket/2390
To prevent the "This page contains both secure and nonsecure items"
issue present in IE7.
When you read the ticket and find the following file it will be obvious
what the change is:
src/html/iframe.js
var html="";
if (dojo.render.html.ie70) {
html="
+ " style='position: absolute; left: 0px; top: 0px; width: 100%;
height: 100%;"
+ "z-index: -1; filter:Alpha(Opacity=\"0\");' "
+ ">";
} else {
html="
+ "' style='position: absolute; left: 0px; top: 0px; width:
100%; height: 100%;"
+ "z-index: -1; filter:Alpha(Opacity=\"0\");' "
+ ">";
}
Good luck,
Jeromy Evans
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
Re: [S2] IE 7 - Secure and non-secure pop up message when using https
Posted by Jeromy Evans <je...@blueskyminds.com.au>.
Simon Sew wrote:
> Hi,
> I'm trying to create a simple ajax using struts2. The ajax is running fine.But I'm trying to fix this error message when using https server. The alert message is "This page contains both secure and nonsecure items.
>
> Do you wish to display the nonsecure items?".
> ...
> <s:div id="contentReport" href="%{report_dynamic}" autoStart="false" listenTopics="/refreshContent" formId="report_form" showErrorTransportText="false" theme="ajax">
>
> </s:div>
>
> </body>
> </html>
>
> Anyone knows what am I doing wrong here?
>
>
Unfortunately it's a bug in dojo 0.4 [Ticket#2390]. You have no option
but to patch it manually or upgrade to a new version. It's possible
that it's fixed in Struts 2.1 (using Dojo0.4.3) but is definitely
present in Struts 2.0.x (Dojo 0.4.0).
I don't use Dojo any more, but remarkably I kept notes about how I
patched it. You will need to extract dojo, modify it and recompress
using the instructions at :
http://cwiki.apache.org/S2WIKI/creating-a-custom-dojo-profile-for-struts-20x.html
http://trac.dojotoolkit.org/ticket/2390
To prevent the "This page contains both secure and nonsecure items"
issue present in IE7.
When you read the ticket and find the following file it will be obvious
what the change is:
src/html/iframe.js
var html="";
if (dojo.render.html.ie70) {
html="<iframe src='about:blank'"
+ " style='position: absolute; left: 0px; top: 0px; width: 100%;
height: 100%;"
+ "z-index: -1; filter:Alpha(Opacity=\"0\");' "
+ ">";
} else {
html="<iframe src='javascript:false'"
+ "' style='position: absolute; left: 0px; top: 0px; width:
100%; height: 100%;"
+ "z-index: -1; filter:Alpha(Opacity=\"0\");' "
+ ">";
}
Good luck,
Jeromy Evans
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org