[MAGNOLIA-2820] Backend with HTTPS - warning in IE7 Created: 24/Jul/09  Updated: 23/Jan/13  Resolved: 16/Nov/10

Status: Closed
Project: Magnolia
Component/s: admininterface
Affects Version/s: 3.6.3
Fix Version/s: 4.3.9, 4.4

Type: Bug Priority: Major
Reporter: Rainer Blumenthal Assignee: Ondrej Chytil
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: Text File IE6-patch.patch     Text File Navigation.java     File Navigation.js     Text File Navigation.patch    
Template:
Patch included:
Yes
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Description   

If you access the Magnolia Backend with HTTPS using an IE Browser: u get this warning:

"This page containsd secure and non-secure items..."
http://farm3.static.flickr.com/2263/2330340408_63a47989da.jpg?v=0

If you look here: http://weblogs.asp.net/rchartier/archive/2008/03/12/ie7-this-page-contains-both-secure-and-nonsecure-items.aspx
somebody seems to have found the cause.

The Magnolia Backend seems to use an iframe without "src" attribute - the "src" attribute is then set by JS. But on page-load the IE interpretes this as unsecure.



 Comments   
Comment by Frank Sommer [ 24/Jul/09 ]

I investigated the problem. And I checked the iframe src attributes, but the change of this attributes does not solve the problem. The problem is the magnolia menu. The icon are referenced per inline css.
If I remove the icon properties from the menu configuration and fix the Navigation.class of mgnl everthing is fine.

It is just a browser bug. Perhaps the including of img tags instead of css background images could solve the problem too.

Comment by Magnolia International [ 24/Jul/09 ]

If the findings in the blog above are correct, we'd need to fix Navigation.js to include the full url (protocol, host, contextpath) instead of just the icon path.
(line 351: cell.style.backgroundImage = 'url(' + this.getIcon () + ')';)

Comment by Frank Sommer [ 05/Aug/09 ]

Patched class info.magnolia.module.admininterface.Navigation.java. The patch avoids the setting of the CSS background, if icon is not set.

Comment by Frank Sommer [ 05/Aug/09 ]

Patched javascript mgnl-resources/js-classes/mgnl/admininterface/Navigation.js. The patch changes the icon rendering from CSS background to html images.

Comment by Magnolia International [ 09/Sep/09 ]

Thanks for the patchs, Frank ! (sorry for not reacting earlier)
(although "real" patch files would help - see http://documentation.magnolia-cms.com/contribute.html#Createpatches )

We'll have to test this a little further, seeing that it creates a table cell instead of using the background-image css property (that's if I read properly)

Comment by Magnolia International [ 13/Nov/09 ]

Here's an actual patch file; will not apply this for 4.2, as we'll need to test this on different browsers to make sure it's pixel-perfect

Comment by Rainer Blumenthal [ 16/Nov/09 ]

This patch didn't help for IE6 - we needed to patch a JS file to get it working in IE6 without security warning.

Is there a special Issue for IE6 and HTTPS - otherwise we could post the patch here, too.

Comment by Hans Tobler [ 01/Jul/10 ]

This issue is still open in magnolia 4.3.2 (our customer is using IE7)
In which version will you include this fix?

Comment by Hans Tobler [ 27/Jul/10 ]

Could you please give us an answer on my last question?

Comment by Rainer Blumenthal [ 27/Jul/10 ]

The IE6 patch is not perfect - it lets appear the magnolia logo in the right frame of the magnolia backend, at the very beginning of the page loading process. But the warning disappears...

If you need the patch - please assign the issue to Frank Sommer and ask him for.

Comment by Jan Haderka [ 27/Jul/10 ]

The issue will be fixed most likely in version 4.3.6.

Comment by Magnolia International [ 27/Jul/10 ]

@Rainer, no, there isn't a specific ticket for IE6/https, so patches are welcomed here.

Comment by Frank Sommer [ 02/Aug/10 ]

A further patch for IE6 is attached. This patch fixes the IE6 bug with empty IFrame src attributes. The magnolia logo is used instead as initial state.

Comment by Ondrej Chytil [ 16/Nov/10 ]

Thanks for patch Frank.

Generated at Mon Feb 12 03:40:25 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.