When running a webapp written with dojo 1.0.2 in SSL mode, IE complains on mixed content (i.e. http and https) and asks if it if o.k. to load the non secure content.
This is a major issue with dojo when trying to develop professional webapps.
Guy.
When running a webapp written with dojo 1.0.2 in SSL mode, IE complains on mixed content (i.e. http and https) and asks if it if o.k. to load the non secure content.
This is a major issue with dojo when trying to develop professional webapps.
Guy.
hmm i use dojo and dijit on
hmm i use dojo and dijit on an https machine all the time without warnings. what specifically is the mixed content? all the images and resources are using relative paths, and should be on the same host anyway.
unless you are trying to use the AOL-Hosted 1.0.2 x-domain build. they don't offer an https:// afaik, and you will see mixed content warnings, but you should not be using AOL's CDN if you are making a professional webapp.
No, I'm not using the AOL build.
I think it may be related to a specific widget, since it is happening only at certain pages.
(From past experience I know that IE has some funny behavior when using iframes and not setting a src url).
In dojo's case, I suspect right now that the TitlePane is the source for the problem, but i will get back with some more info once I have some.
I saw this same problem
I saw this same problem years ago on an app that used a dynamically generated calendar popup. We solved that problem by placing the html and js into an html file on the server (rather than generating the entire popup from js in the parent page). Anyway, that may give you an idea of what to look for. I'm guessing that you'll find that it is limited to one widget that generates some kind of popup.
It is not an actual resource that causes the warning
Looking further into it with a proxy, there is no "real" attempt to fetch non-secure resource.
Which suggests it is something like what I mentioned above (empty src attribute) or some other weird issue IE has with a certain HTML object.
In any case, I'm planning to upgrade to Dojo 1.1 as soon as it is released and will report back if the problem was resolved with that version.
Same thing happens with Dojo 1.1
So this issue also happens with dojo 1.1 whenever I navigate to a page that had the TitlePane with IE in SSL mode. :)
Same problem with Dojo 1.1.0 and the "Hello World" example
I have installed the entire Dojo toolkit release on my server in order to avoid this very issue (I call it in the HTML using a root-relative URL with no protocol, either "http" or "https" in order to be flexible). I am new to Dojo, so I had replicated the "Hello World!" Button example. Bingo! Working in SSL mode I easily replicate this problem.
Found a work-around!
The work-around for this problem is to specify the absolute URL (with the leading
https://) in the initial Dojo library load. For instance:<script type="text/javascript" src="https://www.foo.com/js/dojo/1.1.0/dojo/dojo.js"></script>Dojo ticket #6603 (http://trac.dojotoolkit.org/ticket/6603) probably nails the problem. FF2, there is no problem. IE6/IE7, there is a problem and it probably is related to the search algorithm used to find internationalization code (if not found, check the parent directory...). I am willing to bet this is a problem with the underlying Microsoft
HttpXmlRequestActiveX object not checking the original calling URL protocol field and assuminghttpif not explicitly given.This work-around forces the search for internationalization files to include the
httpsprotocol in the AJAX URLs so that the MicrosoftHttpXmlRequestwill not be left to make any wrong protocol guesses.