Login Register
Home » Support » Forums » Dijit (dijit.*, 0.9+) » Dijit Support » Dijit 1.1 wai class causing IE "secure/nonsecure" mixed content error

Dijit 1.1 wai class causing IE "secure/nonsecure" mixed content error

Submitted by sgoldenberg on Fri, 04/11/2008 - 13:21.

I know people have had this error before for various reasons with past versions of Dojo when running an app on HTTPS. With 1.1, I've been seeing it with every page of my app. I've narrowed down the problem to the dijit.wai namespace. After creating the a11y test node, the node is removed, which wasn't being done in previous versions. I don't see this error when this line is removed.

Is anyone else seeing this problem as a result of this? Should this be filed as a bug? Thanks.

‹ Dijit causes browsers to complain about mixed content (http and https) when running in SSL mode. Non editable ComboBox ›

I see a bug was filed

Submitted by becky on Wed, 04/23/2008 - 14:09.

I don't see this when I run via https but I don't have a valid certificate on my test server so IE complains about that. Can you provide a test URL? The div is being removed in order to avoid a memory leak but it is hard for me to try different alternatives if I can't reproduce the problem locally.

I filed the bug

Submitted by sgoldenberg on Wed, 04/23/2008 - 14:27.

Sorry but I don't have a test URL to share. I filed the bug just this morning because I had not gotten a single response a week after posting. I was seeing the warning running my app locally with Tomcat, but I'm almost certain that certificate being used was valid. We were also seeing it on a test server where the certificate was not valid. I think IE just takes issue when a node with an external background image property is removed or altered with a SSL connection.

I really need a test case

Submitted by becky on Thu, 04/24/2008 - 17:55.

I have my xampp apache test server set up to run ssl with an test/invalid certificate and I do not see the warning when I load the dijit test files (altho IE7 warns me not to open the page :). Can you post a simple example file that causes the warning? I am wondering if we remove the style before removing the div if that will solve the issue but can't know until I have a reproducible case on my server.
thanks!

I don't have any code that's

Submitted by sgoldenberg on Thu, 04/24/2008 - 18:19.

I don't have any code that's doing anything special. I'm just loading Dojo and Dijit. I think you just need to try with a valid certificate. The warning is a known IE bug.

http://support.microsoft.com/kb/925014

I work for a startup and unfortunately don't have a HTTPS test server I can share. We first discovered this defect when we moved our app over to HTTPS and discovered that a few bad apples had been writing inline CSS.

Dijit test file

Submitted by becky on Thu, 04/24/2008 - 19:32.

Can you at least confirm that it happens with one of the test files found in dijit/tests/ directory? Or is it associated with loading a form or submitting data? I don't have access to a valid certificate.

Work-around

Submitted by NicoleTedesco on Fri, 05/09/2008 - 18:37.

The work-around for this problem is to specify the absolute URL (with the leading https://) in the initial Dojo library load. For instance:

<script type="text/javascript" src="https://www.foo.com/js/dojo/1.1.0/dojo/dojo.js"></script>

Dojo ticket #6603 (http://trac.dojotoolkit.org/ticket/6603) probably nails the problem. FF2, there is no problem. IE6/IE7, there is a problem and it probably is related to the search algorithm used to find internationalization code (if not found, check the parent directory...). I am willing to bet this is a problem with the underlying Microsoft HttpXmlRequest ActiveX object not checking the original calling URL protocol field and assuming http if not explicitly given.

This work-around forces the search for internationalization files to include the https protocol in the AJAX URLs so that the Microsoft HttpXmlRequest will not be left to make any wrong protocol guesses.