Dynamically loading JS into iFrames - preventing IE7 popups whenleaving/entering secure connection

B

bizt

Hi,

I have a webpage where Im creating AJAX type requests by loading
dynamic pages containg JavaScript into hidden iFrames. The reason I am
opting for this method over XmlHttpRequest object requests is because
I wish for some of my requests to be over a secure https:// connection
and other not so private requests to be made over http:// .. using
XmlHttpRequest I am unable to make requests between two domains http/
https from the one page (which is an http page so https requests will
not work .. so I have read anyway). So, the iFrame method system
allows this but one slight issue which Im wanting to find a way
around:

When I load a page into one of my iFrames which is an https page, in
IE7 (and IE6 I presume) give me a series of alerts telling me I am
entering or leaving secure connection when Im not even leaving the
page, which is quite alarming. I get about 4 of these for just one
request. I was hoping that there is a way around this as I am worried
that, especially at a time of transition from IE6 to IE7 and security
options possibly reset, many new users to my site will get these
alerts and be concerned with the security of my site.

Does anyone have any ideas that may combat this if possible?
 
V

VK

Hi,

I have a webpage where Im creating AJAX type requests by loading
dynamic pages containg JavaScript into hidden iFrames. The reason I am
opting for this method over XmlHttpRequest object requests is because
I wish for some of my requests to be over a secure https:// connection
and other not so private requests to be made over http:// .. using
XmlHttpRequest I am unable to make requests between two domains http/
https from the one page (which is an http page so https requests will
not work .. so I have read anyway). So, the iFrame method system
allows this but one slight issue which Im wanting to find a way
around:

When I load a page into one of my iFrames which is an https page, in
IE7 (and IE6 I presume) give me a series of alerts telling me I am
entering or leaving secure connection when Im not even leaving the
page, which is quite alarming. I get about 4 of these for just one
request. I was hoping that there is a way around this as I am worried
that, especially at a time of transition from IE6 to IE7 and security
options possibly reset, many new users to my site will get these
alerts and be concerned with the security of my site.

Does anyone have any ideas that may combat this if possible?

Warnings on leaving encrypted page for non-encrypted one, on leaving
non-encrypted for encrypted one, on loading a mixed content page with
both encrypted and non-encrypted elements: are separate browser
security settings you have no control over. Logically thinking: what
would be any security warning good for is any server could disable
it? ;-)

So in your case you only can place a text on your page like "if you
see a security warning, disregard it". Very silly and makes people
even more suspicious - so rarely used.

This is why HTTP <=> HTTPS jumps based solutions are not used as non-
implementable with the desired usability. The final solution depends
on the nature of the transmitted data. If it is a really sensitive
information every time, then do the whole session under HTTPS.
HTTPS is a rather resource expensive protocol, so many solutions are
using it only on the authentication stage: thus login/password being
submitted over HTTPS and if correct then server-side redirect to HTTP
for the rest of the session.

Yours to decide what of above to use in your own case.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top