468,530 Members | 1,568 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,530 developers. It's quick & easy.

Dynamically loading JS into iFrames - preventing IE7 popups whenleaving/entering secure connection

Hi,

I have a webpage where Im creating AJAX type requests by loading
dynamic pages containg JavaScript into hidden iFrames. The reason I am
opting for this method over XmlHttpRequest object requests is because
I wish for some of my requests to be over a secure https:// connection
and other not so private requests to be made over http:// .. using
XmlHttpRequest I am unable to make requests between two domains http/
https from the one page (which is an http page so https requests will
not work .. so I have read anyway). So, the iFrame method system
allows this but one slight issue which Im wanting to find a way
around:

When I load a page into one of my iFrames which is an https page, in
IE7 (and IE6 I presume) give me a series of alerts telling me I am
entering or leaving secure connection when Im not even leaving the
page, which is quite alarming. I get about 4 of these for just one
request. I was hoping that there is a way around this as I am worried
that, especially at a time of transition from IE6 to IE7 and security
options possibly reset, many new users to my site will get these
alerts and be concerned with the security of my site.

Does anyone have any ideas that may combat this if possible?
Jun 27 '08 #1
1 1746
VK
On May 29, 6:22 pm, bizt <bissa...@yahoo.co.ukwrote:
Hi,

I have a webpage where Im creating AJAX type requests by loading
dynamic pages containg JavaScript into hidden iFrames. The reason I am
opting for this method over XmlHttpRequest object requests is because
I wish for some of my requests to be over a secure https:// connection
and other not so private requests to be made over http:// .. using
XmlHttpRequest I am unable to make requests between two domains http/
https from the one page (which is an http page so https requests will
not work .. so I have read anyway). So, the iFrame method system
allows this but one slight issue which Im wanting to find a way
around:

When I load a page into one of my iFrames which is an https page, in
IE7 (and IE6 I presume) give me a series of alerts telling me I am
entering or leaving secure connection when Im not even leaving the
page, which is quite alarming. I get about 4 of these for just one
request. I was hoping that there is a way around this as I am worried
that, especially at a time of transition from IE6 to IE7 and security
options possibly reset, many new users to my site will get these
alerts and be concerned with the security of my site.

Does anyone have any ideas that may combat this if possible?
Warnings on leaving encrypted page for non-encrypted one, on leaving
non-encrypted for encrypted one, on loading a mixed content page with
both encrypted and non-encrypted elements: are separate browser
security settings you have no control over. Logically thinking: what
would be any security warning good for is any server could disable
it? ;-)

So in your case you only can place a text on your page like "if you
see a security warning, disregard it". Very silly and makes people
even more suspicious - so rarely used.

This is why HTTP <=HTTPS jumps based solutions are not used as non-
implementable with the desired usability. The final solution depends
on the nature of the transmitted data. If it is a really sensitive
information every time, then do the whole session under HTTPS.
HTTPS is a rather resource expensive protocol, so many solutions are
using it only on the authentication stage: thus login/password being
submitted over HTTPS and if correct then server-side redirect to HTTP
for the rest of the session.

Yours to decide what of above to use in your own case.
Jun 27 '08 #2

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

2 posts views Thread by UJ | last post: by
reply views Thread by Twinkles | last post: by
reply views Thread by NPC403 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.