Dynamically loading JS into iFrames - preventing IE7 popups whenleaving/entering secure connection

Discussion in 'Javascript' started by bizt, May 29, 2008.

  1. bizt

    bizt Guest

    Hi,

    I have a webpage where Im creating AJAX type requests by loading
    dynamic pages containg JavaScript into hidden iFrames. The reason I am
    opting for this method over XmlHttpRequest object requests is because
    I wish for some of my requests to be over a secure https:// connection
    and other not so private requests to be made over http:// .. using
    XmlHttpRequest I am unable to make requests between two domains http/
    https from the one page (which is an http page so https requests will
    not work .. so I have read anyway). So, the iFrame method system
    allows this but one slight issue which Im wanting to find a way
    around:

    When I load a page into one of my iFrames which is an https page, in
    IE7 (and IE6 I presume) give me a series of alerts telling me I am
    entering or leaving secure connection when Im not even leaving the
    page, which is quite alarming. I get about 4 of these for just one
    request. I was hoping that there is a way around this as I am worried
    that, especially at a time of transition from IE6 to IE7 and security
    options possibly reset, many new users to my site will get these
    alerts and be concerned with the security of my site.

    Does anyone have any ideas that may combat this if possible?
     
    bizt, May 29, 2008
    #1
    1. Advertising

  2. bizt

    VK Guest

    On May 29, 6:22 pm, bizt <> wrote:
    > Hi,
    >
    > I have a webpage where Im creating AJAX type requests by loading
    > dynamic pages containg JavaScript into hidden iFrames. The reason I am
    > opting for this method over XmlHttpRequest object requests is because
    > I wish for some of my requests to be over a secure https:// connection
    > and other not so private requests to be made over http:// .. using
    > XmlHttpRequest I am unable to make requests between two domains http/
    > https from the one page (which is an http page so https requests will
    > not work .. so I have read anyway). So, the iFrame method system
    > allows this but one slight issue which Im wanting to find a way
    > around:
    >
    > When I load a page into one of my iFrames which is an https page, in
    > IE7 (and IE6 I presume) give me a series of alerts telling me I am
    > entering or leaving secure connection when Im not even leaving the
    > page, which is quite alarming. I get about 4 of these for just one
    > request. I was hoping that there is a way around this as I am worried
    > that, especially at a time of transition from IE6 to IE7 and security
    > options possibly reset, many new users to my site will get these
    > alerts and be concerned with the security of my site.
    >
    > Does anyone have any ideas that may combat this if possible?


    Warnings on leaving encrypted page for non-encrypted one, on leaving
    non-encrypted for encrypted one, on loading a mixed content page with
    both encrypted and non-encrypted elements: are separate browser
    security settings you have no control over. Logically thinking: what
    would be any security warning good for is any server could disable
    it? ;-)

    So in your case you only can place a text on your page like "if you
    see a security warning, disregard it". Very silly and makes people
    even more suspicious - so rarely used.

    This is why HTTP <=> HTTPS jumps based solutions are not used as non-
    implementable with the desired usability. The final solution depends
    on the nature of the transmitted data. If it is a really sensitive
    information every time, then do the whole session under HTTPS.
    HTTPS is a rather resource expensive protocol, so many solutions are
    using it only on the authentication stage: thus login/password being
    submitted over HTTPS and if correct then server-side redirect to HTTP
    for the rest of the session.

    Yours to decide what of above to use in your own case.
     
    VK, May 29, 2008
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Frank Niessink
    Replies:
    3
    Views:
    382
    Scott David Daniels
    Jan 6, 2006
  2. Perecli Manole

    popups IE7

    Perecli Manole, Jun 27, 2007, in forum: ASP .Net
    Replies:
    9
    Views:
    627
    Alexey Smirnov
    Jun 29, 2007
  3. gh
    Replies:
    0
    Views:
    514
  4. Moe Sisko
    Replies:
    1
    Views:
    884
    George
    Aug 4, 2008
  5. Angela
    Replies:
    2
    Views:
    100
    Angela Lam
    Mar 5, 2004
Loading...

Share This Page