Re: Frames & Javascript -> insecure?
--- Lee Feigenbaum <[EMAIL PROTECTED]> wrote: > the page gives the warning > "this page contains both secure and insecure elements" This will happen if ANYTHING is accessed by a nonsecure protocol, even so much as a single banner from another site. You did say all links were relative, though Anything offsite being accessed through that JS? Or maybe are you loading images for flyover changes? That *might* count as nonsecure, though I don't know the internal implementation __ Do You Yahoo!? Kick off your party with Yahoo! Invites. http://invites.yahoo.com/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Frames & Javascript -> insecure?
There are 2 things you can do. 1. Go into the Internet Browser properties (advanced) Remove the check box on "Warn if changing between secure and not secure mode. 2. We also had to change all of our URI's to use full pathnames including the https... This was especially the case with forms and cgi scripts. I hope this helps. Doug Poulin - Original Message - From: Lee Feigenbaum <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, July 28, 2000 11:25 AM Subject: Re: Frames & Javascript -> insecure? > I did check everything, and everything is being served via HTTPS > (everything is specified relative to the main frameset pages, which are > all https). In fact, Netscape lists the individual images as being secure, > but all of the .html components of the page are listed as 'Status > unknown'. > > Thanks for the suggestion, though, > Lee > > On Fri, 28 Jul 2000, Cliff Woolley wrote: > > > >>> [EMAIL PROTECTED] 07/28/00 12:12PM >>> > > >The outermost frameset is called with a secure URL, and all of the > > > >src="..."> tags use only relative URIs. Nevertheless, when viewed on IE > > >the page gives the warning "this page contains both secure and insecure > > >elements" - it's not an IE specific bug, as Netscape's security summary > > >says the same thing - listing the individual page elements in Netscape > > >shows that it thinks that the html pages, all of which it correctly > > lists > > >as https:// have: > > > > You get this if ANY of the elements of the page (eg, images) are > > delivered via an insecure method (http://, file://, etc). Make sure > > that *all* images are delivered via HTTPS along with the HTML documents, > > and the error should go away. The javascript ought not matter. > > > > Hope this helps, > > > > --Cliff > > > > Cliff Woolley > > Central Systems Software Administrator > > Washington and Lee University > > http://www.wlu.edu/~jwoolley/ > > > > Work: (540) 463-8089 > > Pager: (540) 462-2303 > > > > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] > __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Frames & Javascript -> insecure?
I did check everything, and everything is being served via HTTPS (everything is specified relative to the main frameset pages, which are all https). In fact, Netscape lists the individual images as being secure, but all of the .html components of the page are listed as 'Status unknown'. Thanks for the suggestion, though, Lee On Fri, 28 Jul 2000, Cliff Woolley wrote: > >>> [EMAIL PROTECTED] 07/28/00 12:12PM >>> > >The outermost frameset is called with a secure URL, and all of the > >src="..."> tags use only relative URIs. Nevertheless, when viewed on IE > >the page gives the warning "this page contains both secure and insecure > >elements" - it's not an IE specific bug, as Netscape's security summary > >says the same thing - listing the individual page elements in Netscape > >shows that it thinks that the html pages, all of which it correctly > lists > >as https:// have: > > You get this if ANY of the elements of the page (eg, images) are > delivered via an insecure method (http://, file://, etc). Make sure > that *all* images are delivered via HTTPS along with the HTML documents, > and the error should go away. The javascript ought not matter. > > Hope this helps, > > --Cliff > > Cliff Woolley > Central Systems Software Administrator > Washington and Lee University > http://www.wlu.edu/~jwoolley/ > > Work: (540) 463-8089 > Pager: (540) 462-2303 > __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Frames & Javascript -> insecure?
>>> [EMAIL PROTECTED] 07/28/00 12:12PM The outermost frameset is called with a secure URL, and all of the >src="..."> tags use only relative URIs. Nevertheless, when viewed on IE>the page gives the warning "this page contains both secure and insecure>elements" - it's not an IE specific bug, as Netscape's security summary>says the same thing - listing the individual page elements in Netscape>shows that it thinks that the html pages, all of which it correctly lists>as https://> have: You get this if ANY of the elements of the page (eg, images) are delivered via an insecure method (http://, file://, etc). Make sure that *all* images are delivered via HTTPS along with the HTML documents, and the error should go away. The javascript ought not matter. Hope this helps, --Cliff Cliff WoolleyCentral Systems Software AdministratorWashington and Lee Universityhttp://www.wlu.edu/~jwoolley/ Work: (540) 463-8089Pager: (540) 462-2303
Frames & Javascript -> insecure?
Hi Everyone, I've searched the archives and FAQ for the answer to this, to no avail. I have a page on my site that has one frameset with two frames, one of which is a frameset with two more frames (yah, i know, frames are evil yadda yadda). The outermost frameset is called with a secure URL, and all of the tags use only relative URIs. Nevertheless, when viewed on IE the page gives the warning "this page contains both secure and insecure elements" - it's not an IE specific bug, as Netscape's security summary says the same thing - listing the individual page elements in Netscape shows that it thinks that the html pages, all of which it correctly lists as https:// have: Security: Status unknown One of the frames does use Javascript (ya, i know, javascript is as evil as frames, yadda yadda) extensively to write to another frame; I don't know if it's the frames or the Javascript (or something completely different?) that's causing this problem... which is why I'm coming here for advice :) TIA, Lee __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]