If I install a fresh Drupal 4.7.2 on a SSL host and enable the upload module,
Internet Explorer shows an error message that unsecure items exist.

Anamnesis:
watchdog log on page ?q=admin shows two error messages if I click on Internet Exlporer
to not show the unsecure items:
Location: https://example.com/drupal-4.7.2/pagerror.gif Message: pagerror.gif not found.
Location: https://example.com/drupal-4.7.2/refresh.gif Message: refresh.gif not found.

The funny part is, that I cannot find these two gif files, not in the filesystem and also
not in the scripts code. Where are this two magic .gif files called if there is no line
in the code referencing them?

Tested with
- Drupal 4.7.2
- also tried to replace upload module with cvs version
upload.module,v 1.108 2006/06/11 23:58:55 drumm (but same effect)

Settings:
To be sure, I also set the full path to the https host in /sites/default/settings.php

Related Articles:
(forum) secure and non secure items on pages with collapsed content if SSL
http://drupal.org/node/64711

Comments

robert.redl@easytouch.cc’s picture

robert.redl@easytouch.cc commented
Project: upload (simple) » Drupal core
Version: master » 4.7.2
Component: Code » upload.module

moved to drupal, as I put it to the wrong module. Maybe It should be filed under Bluemarine Theme as it is a theming issue?

robert.redl@easytouch.cc’s picture

robert.redl@easytouch.cc commented
Title: IE error message in SSL Installation of Drupal 4.7.2 with upload.module enabled » Internet Explorer SSL warning - SRC attribute missing in drupal.js iframe
Status: Active » Closed (duplicate)

Sorry, was a duplicate to this workaround http://drupal.org/node/60565

I post cause and solution also here, if someone wants to save a click.

Cause:
http://support.microsoft.com/default.aspx?scid=kb;en-us;261188
When you browse to a page through HTTPS, you may receive following Security Information warning message:
This page contains both secure and nonsecure items.
Do you want to display the nonsecure items?
This occurs when the page contains an IFRAME that does not specify a SRC attribute.

Solution:
(issue) http://drupal.org/node/60565
Change one line in misc/drupal.js (around line 336) to include the src= attribute in the iframe

misc/drupal.js (line 336)

div.innerHTML = '<iframe <strong>src="javascript:false;"</strong> name="redirect-target" id="redirect-target" class="redirect" onload="window.iframeHandler();"></iframe>';
robert.redl@easytouch.cc’s picture

robert.redl@easytouch.cc commented

Dont forget to
- clear the cahe (SQL: TRUNCATE table 'cache')
- close all Internet Explorer Windows before you test again.