By webengr on

After upgrade to new 4.7 from older 4.6, was able to overcome all except this issue which may be due to new features.

I have the entire website using https. All shows fine, the lock and all. I do use rewrite and edited .htaccess to have drupal as a folder. Never got an encryption warning with 4.6 so that was fine.

ON 4.7 if I go to the add content page or a page with new fancy features with Microsoft Internet Explorer I get a
"This page contains both secure and nonsecure items. Do you want to display the nonsecure items?"

While this dialog window is present, for example on the node/add/page
I don't see the triangle in front of ---File attachments--- nor do I see
the gray area under the textarea fields. If I click yes/no or X in the corner
I get same resulting page with the gray bar under textareas and the triangle in front
of ---File attachments--- indicating more collapsed info----

FIREFOX was not a picky and did not complain about both secure and non-secure...

It could be a browser problem interpreting the style or scripting? but unfortunately
many consumers use MSIE and because the website has private info, seeing a "nonsecure"
warning in dialog window is not a good thing for the call desk. So I really need to resolve this
operationally. Must be a new viewing feature tripping this?

Looking at the page source I see includes for css and javascript but no src calls for http,
so perhaps the included script is doing this on MSIE?

even read on http://drupal.org/node/61099 since I saw

Categories: Drupal 4.7.x

Comments

caras’s picture

caras commented

probably an issue cause of your extern css file.. check it and be sure that every links there are relative or if absolute have https prefix.. also check ur extern js files...

webengr’s picture

webengr commented

It was a fresh install to my knowledge. So if it is in the extern css file, which I thought also...
then it could be this way for anyone using drupal 4.7 - It very well could be an IE issue.

I did the patch for 4.7.1, and as expected it made no difference to this issue.

whenever a collapsed menu in the body shows up, like add content, the issue pops up.

so yes, however the new menu was implemented for options - that introduced this issue for some IE I think.

Most users and propbably most developers don't have the entire website https, so they never notice this gremlin, perhaps.

geme4472’s picture

geme4472 commented

webengr, were you able to pinpoint where in the js or css this was happening? I have yet been unable to locate the culprit and fear that I may lose the balance of my hair. I have checked all css and js files and all paths are relative. Is there any good way to troubleshoot this? I've viewed the source, to no avail.

Thanks.

EDIT: I just tested this with the search module, thinking that I'd get the mixed security error, but I did not. So the problem must not be related to the expand/collapse jscript new to 4.7. Same results with the forms in the user account area. No errors there either.

EDIT: drupal.js creates an iframe in the function redirectFormButton, which is called by upload.js, assuming you have the upload module enabled and the nodetype set to allow uploads.

robert.redl@easytouch.cc’s picture

robert.redl@easytouch.cc commented

Hi, I have the same issue, and tested it now.

I found out, that with
- Druapl 4.7.2 fresh install
- Module Upload enabled
the IE error comes if you edit a page.

The source should be misc/drupal.css.

In the watchdog log on page ?q=admin I see two entries:
Location: https://example.com/drupal-4.7.2/pagerror.gif Message: pagerror.gif not found.
Location: https://example.com/drupal-4.7.2/refresh.gif Message: refresh.gif not found.

If I disable the drupal.css as described in http://drupal.org/node/23215 the error is gone.

Strange is the following: If I search one folder above drupal with
# grep refresh.gif drupal-4.7.2 -R
I get no results. (How can a missing file create an error entry, if itself and no line in all scripts and subfolders conatin it?)

Related articles:
How can I disable a single 'collapsed' field/area?
http://drupal.org/node/59014
Overriding drupal.css; two approaches
http://drupal.org/node/23217
Not including drupal.css
http://drupal.org/node/23215

robert.redl@easytouch.cc’s picture

robert.redl@easytouch.cc commented

Cause:
http://support.microsoft.com/default.aspx?scid=kb;en-us;261188
When you browse to a page through HTTPS, you may receive following Security Information warning message:
This page contains both secure and nonsecure items.
Do you want to display the nonsecure items?
This occurs when the page contains an IFRAME that does not specify a SRC attribute.

Solution:
(issue) http://drupal.org/node/60565
Change one line in misc/drupal.js (around line 336) to include the src= attribute in the iframe

misc/drupal.js (line 336)

div.innerHTML = '<iframe <strong>src="javascript:false;"</strong> name="redirect-target" id="redirect-target" class="redirect" onload="window.iframeHandler();"></iframe>';
webengr’s picture

webengr commented

adding src="javascript:false;"

YES THAT FIXED IT

------

Has someone put it a bug report on this to make sure it gets rolled into the next revision?

akolahi’s picture

akolahi commented

Had the exact same problem... and it worked for me too!!! :)

RALPHHORN’s picture

RALPHHORN commented

ease touch:

I have the same message displayed each time, by opening such as google talk page.

Glad your info was halpfull to others, but to me you speak polish.
please be more specific, on how to add the src in the Iframe, and a directory pleaese

Note: I use IE6.
Regards

RALPHHORN’s picture

RALPHHORN commented

While trying to fix it on my own, I went to > tools
> internet options
> security
> custom level
> checked ENABLE at "display mixed content". (PROMPT was checked)

Rest is history.

If I did something wrong or not right, notify please.

The best