+ Start a Discussion
BJamesBJames 

IE6 Secure/Non-Secure items on page Alert

Is there any way to keep IE from popping up this "Alert" when using an Scontrol?



I tried putting the Scontrol in a popup window with no content around it at all... and still I received this alert...
When I click "No" it still works, however it is quite annoying and no matter how much I try to explain it, my customers especially my financial sector customers are very nervous.

-=Bryan

Update
I found out the line that's causing the alert to show up.
It's the sforceClient.init(...)
Also interesting is the order in which the coded alerts show up in.. their display order is denoted by the number at the beginning.

Code:
function initPage() {
  //Initialize the connection to salesforce.com by setting the sessionid and the
  //soap endpoint in the init call
  alert("1 initPage::before sforceClient.setLoginUrl"); 
  sforceClient.setLoginUrl("https://www.salesforce.com/services/Soap/u/7.0");
  alert("2 initPage::before sforceClient.registerInitCallback");
  sforceClient.registerInitCallback(startUp);
  alert("3 initPage::before sforceClient.init");
  sforceClient.init("{!API_Session_ID}", "{!API_Partner_Server_URL_70}", false); //this line throws the security alert
  alert("5 initPage::after sforceClient.init");
}

//=======

function startUp() {
  alert("4 startUp");
}

 

Message Edited by BJames on 05-03-200611:03 AM

hemmhemm
I ran into this same problem recently.  I was using the Eclipse tool to edit my s-control.   It defaulted  the reference to the  sforceclient.js file.  However, it included a  ?browser=true onto the end of it.  I removed that and all was good.

It went from this:

Code:
<script language="javascript" src="https://www.salesforce.com/services/lib/ajax/beta3.3/sforceclient.js—browser=true" type="text/javascript"></script>

To This:

Code:
<script language="javascript" src="https://www.salesforce.com/services/lib/ajax/beta3.3/sforceclient.js" type="text/javascript"></script>

Message Edited by hemm on 05-03-2006 11:50 AM

BJamesBJames
Well... that fixes one problem! However I'm using the bind functionality in another implementation and cannot get rid of that flag there...
Is it possible to include this extra code manually over HTTPS like the js client itself?

-=Bryan


DevAngelDevAngel
The proper syntax for including the browser support module is

https://www.salesforce.com/services/lib/ajax/beta3.3/sforceclient.js?browser=true

This differs from your post in that you have a dash rather than a question mark.  You should get nothing to work with a dash

I have not been able to duplicate this.  The browsersupport.js file references a few images but they are all referenced using https.

I'm believe what you are telling me, but could you describe the environment in which you are testing this (in an scontrol, from the file system etc)?  Also, if you install LiveHTTPHeaders in firefox, and then navigate to your scontrol, you can capture every request the browser makes when the page loads.  If you could look through that capture and spot any requests that are made to a non ssl url, that would help to narrow the issue.

Cheers.
tyshocktyshock

I'm getting the exact same behavior in IE.  I did the LiveHTTPHeaders in firefox, as well as straight packet sniffing in IE, and all communication was HTTPS.

Could it be the instantiation of any of the XMLHTTP objects during the browser sniffing that is triggering this?

Let me know if you'd like me to set any breakpoints/debugs and I'll help.

 

 

 

hemmhemm
Adding the dash was a typo.  I had it right in my s-control, but somehow messed it up when I submitted the post.


DevAngel wrote:
The proper syntax for including the browser support module is

https://www.salesforce.com/services/lib/ajax/beta3.3/sforceclient.js?browser=true

This differs from your post in that you have a dash rather than a question mark.  You should get nothing to work with a dash
hemmhemm
I went ahead and created a standard s-control using Eclipse.  The code is below.  Everthing is the standard starting point except that I added text Hello World in the HTML body.  When I run this in Firefox, all is fine.  When I run it in IE, I get the error saying "This page contains secure and non-secure items..."

When I remove ?browser=true, it runs fine in IE. 

One thing of note.  When I get the error in IE, the Hello World text is already on the page, but is positioned way down in the page as if something is coming before it.  When I answer the error message (with yes or no), the Hello World text moves up to where it should be.  This may only because it's making room for the error message, but I thought it worth mentioning.


Code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
 <head>
  <title></title>
  <script language="javascript" src="https://www.salesforce.com/services/lib/ajax/beta3.3/sforceclient.js?browser=true" type="text/javascript"></script>
  <script id="clientEventHandlersJS" language="javascript">
<!-- 
function initPage() {
 sforceClient.registerInitCallback(setup);
 sforceClient.setLoginUrl("https://www.salesforce.com/services/Soap/u/7.0");
 sforceClient.init("{!API_Session_ID}", "{!API_Partner_Server_URL_70}", true);
}

//Use this function as the entry point for your DHTML and JAVASCRIPT processing
function setup() {

}

//-->
  </script>
 </head>
 <body onload="initPage()">
 <strong>hello world</strong>
 </body>
</html>

 
darozdaroz
I can confirm this behavior as well, and also confirm the later posters trace analysis showing all https traffic to na1.

It smells of browser bug but I haven't had time to dig into the JS to track it down.
DevAngelDevAngel

No, it has to detect browser type when not including the browsersupport.js file.  Since I am not able to duplicate secure/non-secure issue, try setting the final param on init to false.  The page may not "work" but in will narrow the issue down to either just including the browsersupport.js versus the calling of init.

Thanks.

hemmhemm

DevAngel wrote:

Since I am not able to duplicate secure/non-secure issue, try setting the final param on init to false. 



I have tested 3 scenarios for each browser I have.

Firefox 1.5.0.3
  • ?browser=true
    • I didn't mention this before, but when this is set, the tab has the spinning graphic that makes it look like the page is still loading.  The status bar indicates the page is "Done", however.
  • ?browser=false
    • No issues
  • Remove ?browser=true completely
    • No issues
IE 6.0.2900...
  • ?browser=true
    • Receive the error message saying that the page contains both secure and insecure items
  • ?browser=false
    • No issues
  • Remove ?browser=true completely
    • No issues
Something is happening when the browser parameter is set to true.

Message Edited by hemm on 05-08-2006 03:24 PM

Message Edited by hemm on 05-08-2006 03:25 PM

SteveBowerSteveBower
I believe that the problem is that the iframe created in line 105 of browsersupport.js as part of the createWait prototype is lacking a "src". 

If you modify it by adding:

        w.src = "javascript:false;";

somewhere in there it eliminates the secure/insecure issue.

I haven't done exhaustive testing... just IE and Firefox, but it solves it for me.

Steve Bower.

For an immediate workaround just add the prototype override below in your source after your include of "...sforceclient.js?browser=true."

Code:
<script type="text/javascript">
 Sforce.Client.prototype.createWait = function() {
 var w = Sforce.doc.getElementById("sfdc_waiter");
 if (w != undefined) {
  return w;
 } else {
  w = Sforce.doc.createElement("iframe");
  w.style.overflow = "visible";
  w.frameBorder = "no";
  //w.style.backgroundColor = "transparent";
  w.allowTransparency = true;
  w.id = "sfdc_waiter";
  w.name = "sfdc_waiter";
  w.src = "javascript:false;";    // Added.  SBower.
  return w;
 }
};
</script>

 


Drew1815Drew1815
DevAngel,
     I am having the same issues as described in this posting thread. In order to reproduce this issue on your Internet Explorer browser, can you please set the following parameter in IE : Go to Tools -> Internet Options -> Security tab -> Click on Internet -> Custom Level. There is a Miscellaneous setting "Display Mixed Content". If you have it set to "Prompt", then you will start to see this IE Pop-Up window. If you have it set to "Enable" you will not see the popup and the SControl will run without issue. I hope that helps.

Thanks,
Drew1815


hemmhemm
I tried the code that SteveBower put into the previous message.  It didn't seem to fix anything.

What is the status of this fix?  What are the repercussions of using ?browser=false in the code?
SteveBowerSteveBower
Hello Hemm, just fyi, I have re-verified that this solves the problem for me.

(Not claiming that this is *the* right fix, etc. just that when I comment out the w.src="..." line I get the error, and when I put it back in, the error goes away.)

You have to have be requesting browser support with "browser=true":

<script src="https://www.salesforce.com/services/lib/ajax/beta3.3/sforceclient.js?browser=true"
 type="text/javascript"></script>

In your script references, otherwise the whole sfdc_waiter construct never gets created because the entire
https://www.salesforce.com/services/lib/ajax/beta3.3/browsersupport.js file never gets included in the first place.  (Which is what would also happen with "browser=false" I believe.)

If you'd like to work this off-list, feel free to e-mail me.  Steve.
hemmhemm
I added the code in Steve's response at http://forums.sforce.com/sforce/board/message?board.id=ajax_toolkit&message.id=389 to my s-control.  That fixed the security hole that he spoke about.  To have the tab stop spinning in my Firefox tab, I had to add this line (compliments of Steve)

Code:
Sforce.Client.prototype.busyboxenabled = false; 

So all in all, the following code was added to my s-control.  It needs to be added after the reference to the AJAX toolkit.  I put it at the end of my s-control to get it out of my way.

Code:
  /****************************************************************
  * Added code below to fix an issue in the browsersupport.js file.  Obtained from
  * http://forums.sforce.com/sforce/board/message—board.id=ajax_toolkit&message.id=389
  *****************************************************************/
   Sforce.Client.prototype.createWait = function() {
   var w = Sforce.doc.getElementById("sfdc_waiter");
     if (w != undefined) {
      return w;
     } else {
     w = Sforce.doc.createElement("iframe");
     w.style.overflow = "visible";
     w.frameBorder = "no";
     //w.style.backgroundColor = "transparent";
     w.allowTransparency = true;
     w.id = "sfdc_waiter";
     w.name = "sfdc_waiter";
     w.src = "javascript:false;";    // Added.  SBower.
     return w;
     }
   };
  /****************************************************************
  * Don't know why, but if I include browser=true, the page never stops loading.
  * In the sense that the loading icon never stops spinning.  Turning off
  * the busybox does the trick.
  *****************************************************************/   
   Sforce.Client.prototype.busyboxenabled = false;   

 

And then I made the reference to the s-control have ?browser=true.

Message Edited by hemm on 07-17-2006 05:28 PM

federico_vela_pfederico_vela_p
I would like to confirm, that the code box above, when added to the end of the script tag ... fixed all issues.

Thanks to all!!!!
ywangywang

Dear hemm

Thank you very much. Your hint given me a great help.