Running forum over an SSL

Hello Samuel,

We are running ASPPlayground over an SSL for our companies private Extranet. What we have been experiencing is the following message as users drill through the forum:

This page contains both secure and nonsecure items. Do you want to display the nonsecure items?

If you select Yes then the padlock is removed, if you select No then the padlock stays. The forum appears to continue in either case. The problem occurs in that users have to select Yes or No each time a page comes up with this problem. Is there a way that you know of in preventing this type of message pop-up window from happening.

Thanks

js

IE seems to find iframe insecure. It is a known problem but currently I do not have a solution for it.

Note: this is not a security problem at all. It is IE' s behavior.

ASPPlayground.net Developer

After a quick search on google, I found a possible solution:

in tt.asp and m.asp:

Look for the iframe code at the bottom of both pages, and add a src attribute so that they read:

<iframe name=" bufferFrame" style=" display:none;" src=" blank.html" ></iframe>

and then create a page called blank.html in the forum' s root directory. You do not have to put anything in blank.html.

Please try it and see if it fixes the problem.

ASPPlayground.net Developer

Hi Samuel,

This worked like a charm, no more pop-up. Thanks very much for your help.

js

Thank you for your report too!

I will release a new patch containing this and the Opera 7 compatibility update.

Thanks

ASPPlayground.net Developer

Hi Samuel!
I also solved my problem using this logic. Thanks.

Vijay .r

Hi,

I'm facing the same Security Alert Problem when i invoke my asp page from an aspx,what should be the issue ,can anyone help in this.

Vanitha

Are you saying you are "invoking" the forum from an ASPX application? What do you mean by invoking??

ASPPlayground.net Developer

I came across another broblem...if you have hotlinks from your https site to 'unsecure' http site
(mine is something like this:)
Someones ICQ Status: <img onerror="this.src='images/icq_offline.gif';" src="http://web.icq.com/whitepages/online?icq=123456789&img=5">

with http rather than https address...

you will get the same message popping out i'm still looking for a solution to fix this...if anyone has any ideas please share

the only way - disallow someone to post http pics on an https site.

<iframe name=" bufferFrame" style=" display:none;" src=" blank.html" ></iframe>

my first page on my site is my index page which has frames in it , and i have discovered that thats where the problem is (frames). so where do i put ur piece of code??

I am not sure what you are referring to. We are talking about iframe here, not regular frames.

ASPPlayground.net Developer

Samuel,
 
With Content Advisor turned off on my browser, I'm encountering the old problem often discussed in this forum of the pop-up message "This page contains both secure and nonsecure items" on an SSL site, yet I see no cause of it. It happens here: https://www.ohio-academy-of-audiology.org/forum/tm.asp?m=1 Viewing the source yields no occurrence of "http" without the "s". Or are there some links hidden in the javascript routines that are called?
 
Lee

it is the iframe used in "fast reply" (WYSIWYG editor) that causes IE to respond this way.

ASPPlayground.net Developer

Why? In what file is the code? And what can I do about it?
 
Lee

"why" - I don't know why IE works this way either

what can I do about it - 1. don't enable fast reply for your forum or 2. don't use SSL for the forum

ASPPlayground.net Developer

If I don't enable fast reply, then I have to use Post Reply, which itself generates the same bothersome pop-up message. So now the question becomes: what in Post Reply is IE objecting to?  Apparently it's not an iframe problem again, or is it?
 
Lee

it is an iframe problem. We use iframe too in "post reply" - this is part of the WYSIWYG editor.

ASPPlayground.net Developer

We resolved this by changing line 143 of rtejs/richtext.js from:

 document.writeln('<iframe id="' + rte + '" name="' + rte + '" style="width:' + width + 'px; height:' + height + 'px;" class="rteFrame" src=""></iframe>');

to

 document.writeln('<iframe id="' + rte + '" name="' + rte + '" style="width:' + width + 'px; height:' + height + 'px;" class="rteFrame" src="blank.html"></iframe>');
 

 
Make sure you have got a blank html file called blank.html in the root folder of the forum.

We have the same problem, but have only a frameset with one frame. Frame src points to a secure webpage. Clickin No to the popup still displays the entire content. Clicking Yes removes the padlock-icon from the browser. This alarms our customers.
 
<frameset>
 
</frameset>
 
doesn't display the popup, but ones you ad the <frame src="https://..."> you get the popup.
 
Microsoft KnowledgeBase says itäs a bug in Content Advisor and instructs to turn Content Advisor off...
 
We can't change the single frame to an iframe, because of our server setup and because we don't want to use an iframe.
 
-Incu