Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 12 of 12
  1. #1
    New to the CF scene
    Join Date
    Aug 2002
    Location
    Las Vegas, NV
    Posts
    8
    Thanks
    0
    Thanked 0 Times in 0 Posts

    close() throws security warning

    Hello,

    I have a script that is part of a shopping cart application I found on the internet and have been working on. I am running it on a secure server (https). It runs perfectly, except that when it reaches the close() statement shown below, it throws a "You have requested an encrypted page the contains some unencrypted information."

    Briefly, the frames are set up like this:

    <FRAMESET Rows="52, *" BORDER="0" FRAMEBORDER= "NO">
    <frame NAME = "TopFrame" SRC="sc2.html" FRAMEBORDER="NO" SCROLLING="NO" >
    <FRAMESET Cols="70%,30%">
    <frame src="bassoonsc.html" name="code">
    <frame src="about:blank" name="cart"></FRAMESET></FRAMESET>

    The function that causes the problem:

    function CartQuest() {
    var totalcost=0;
    with (parent.cart.document) {
    open();
    write("<CENTER><FONT COLOR=993300><FONT SIZE=+2><B>Your Order</B></FONT></FONT></CENTER><HR>");

    . . . lots of statements . . .

    close();
    }

    I have left out the details, but I have isolated the error to the close() statement.

    Thanks,

    Gary

  • #2
    Senior Coder
    Join Date
    Jun 2002
    Location
    UK
    Posts
    1,137
    Thanks
    0
    Thanked 0 Times in 0 Posts
    are the pages in the other frames on a https:// server? if they are not secure page that is what could be causing an error.

    scroots
    Spammers next time you spam me consider the implications:
    (1) that you will be persuaded by me(in a legitimate mannor)
    (2)It is worthless to you, when i have finished

  • #3
    New to the CF scene
    Join Date
    Aug 2002
    Location
    Las Vegas, NV
    Posts
    8
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I have gone through the code very carefully looking for anything that wasn't local. I have not found anything. The javascript code is in the parent window and is writing to a child window on the right on the screen. Everything in that window is dynamically generated with Write statements.

    I have tested the code with alert statements and isolated the problem to the close().

  • #4
    Senior Coder
    Join Date
    Jun 2002
    Location
    41 8' 52" N -95 53' 31" W
    Posts
    3,660
    Thanks
    0
    Thanked 0 Times in 0 Posts
    You have requested an encrypted page the contains some unencrypted information.

    That error sounds like you have absolute paths to images on the page, which don't have "https://" in front of them.

    Just an educated guess. I'd double check all of your image paths, and make sure you change them if you need to - for example in ASP you could do something like this:

    <%
    HTTPS = Request.ServerVariables("HTTPS")
    If HTTPS = "ON" Then
    Path = "https://www.yourwebsite.com/"
    Else
    Path = ""
    End If %>

    And for each image on any pages that may be secure:

    <img src="<% = Path %>image1.jpg" />
    Former ASP Forum Moderator - I'm back!

    If you can teach yourself how to learn, you can learn anything. ;)

  • #5
    New to the CF scene
    Join Date
    Aug 2002
    Location
    Las Vegas, NV
    Posts
    8
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Nope. I went through each and every image and reference made sure the full path was coded.

    If that were true the error would appear on loading instead of when close() is executed.

  • #6
    Senior Coder
    Join Date
    Jun 2002
    Location
    41 8' 52" N -95 53' 31" W
    Posts
    3,660
    Thanks
    0
    Thanked 0 Times in 0 Posts
    So can you post the URL? Or the relevant code?
    Former ASP Forum Moderator - I'm back!

    If you can teach yourself how to learn, you can learn anything. ;)

  • #7
    New Coder
    Join Date
    Aug 2002
    Location
    Californication
    Posts
    17
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I've only encountered that error message in the scenario that scroots & whammy have described.

    It's difficult to find the root of the problem, with such a big chunk of code missing. We have to take your word for it instead of combing through the code ourselves (I'm sure your eyes are perfectly capable, but you know how it gets when you've been staring at the same code for too long ).

    This might be too simplistic, but maybe "about:blank" is considered external to the secure server?
    It's quoted in the Bible, Revelations ... Behold the pale horse. The man who sat on him was death, and Hell followed with him.

  • #8
    New to the CF scene
    Join Date
    Aug 2002
    Location
    Las Vegas, NV
    Posts
    8
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I think it *may* possible that about:blank is part of the problem or is at least related. I have tried reworking this part of the code and put in a named url but it didn't make any difference.

    There is nothing in any of the code that is missing that is causing a problem. I inserted alert statements in the code until I found the problem and it happens at the close() statement. There is something that happens when it is executed that makes both Explorer and Mozilla think that security has been violated.

  • #9
    New to the CF scene
    Join Date
    Aug 2002
    Location
    Las Vegas, NV
    Posts
    8
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Here is the url. I have disabled the order button.

    https://secure.donax-us.com/www.vcisinc.com/sc.html

  • #10
    Senior Coder
    Join Date
    Jun 2002
    Location
    41 8' 52" N -95 53' 31" W
    Posts
    3,660
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hmm... that is indeed a dilemma - however I notice when I choose "not" to display the non-secure items, that the right frame doesn't seem to load properly (it says "Navigation Cancelled") and then redirects to another page.

    Everything else that I looked at appears to be secure (unless I missed something) - so that leads me to believe the problem is with whatever initially loads in your right frame (which appears to be "about:blank") - but I'm just guessing here still, and it mystifies me that you tried another URL and it did the same thing - was the other URL secure?!

    I think I'm as baffled as you are - perhaps it's something in the way javascript deals with frames that is throwing the error, that I haven't ever experienced (which is not surprising, since I have never used frames/javascript on a secure site to this point)?



    I wish I could help more... I'll run this by some other developers at work and see if they have any idea (but we don't have a need to do too much with javascript there in combination with frames (at least on most of our secure pages), so I don't hold out much hope on that!)
    Former ASP Forum Moderator - I'm back!

    If you can teach yourself how to learn, you can learn anything. ;)

  • #11
    New to the CF scene
    Join Date
    Aug 2002
    Location
    Las Vegas, NV
    Posts
    8
    Thanks
    0
    Thanked 0 Times in 0 Posts
    When I was doing some testing, I disabled the initial loading of the right frame (which normally loads automatically when the left frame loads).

    Clicking one of the order buttons in the left frame runs functions including the same one that loads the right frame. The error would be triggered at the very end of the function when it got to the close() statement.

    I think that there is something about this function that the browser thinks is doing something outside of secure domain. I just don't know how to fix it. I have tried things like window.close() but it really closes everything.

    If I take the close() statement out, the error is not triggered but the next time the order button is pressed another instance of the order form is written below the first one.

    Thanks for your efforts.

  • #12
    Senior Coder
    Join Date
    Jun 2002
    Location
    41 8' 52" N -95 53' 31" W
    Posts
    3,660
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Indeed it does sound like javascript is throwing the error because you're trying to close a window that it thinks is in another domain. Not sure about that - but perhaps one of the javascript gurus here can provide some help (I'm just a javascript hack, although I can get stuff to work most of the time!).
    Former ASP Forum Moderator - I'm back!

    If you can teach yourself how to learn, you can learn anything. ;)


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •