I have a problem facing a public website on which we are working.
Reference:
The website is served on HTTP, and each page has an iframe which is served on HTTPS . The website also uses the required.js as a module loader.
Problem: However, the "normal" (included in HTML) script loads properly on HTTP, throwing dynamic scripts SEC7111 loaded by Require.js : HTTP file path on IT & gt; has been compromised with HTTPS security, no matter what version.
As a result, users are presented with this message:
Yes, users can click on the Show all content button to force JS files to load, but the experience is useless.
Note:
- The scripts that throw error are related to the main page, and
iframe < Li> The problem is clearly related to the safe - The problem is not present on Firefox or Chrome. Question:
- Do anyone know that IE complains about JS files that HTTP Has been served on?
- Does anyone have a solution, so the user has not been presented with the message and all the scripts are loaded without user without any other action?
iframe if the page has been removed, the errors have disappeared
A trick is "fix" which is specified in the IE team to deal with mixed content. :
Specify the source of the page's resources using form-related hyperlinks, for example "// example .com / image.gif". When a user visits such a secure page in which such reference (eg.) Will result in evaluation of the URI. On the other hand, if the user goes to the same page using HTTP, the resultant URI will be evaluated. In this way, site developers can easily create pages that work for either HTTP or HTTPS without starting any mixed content vulnerabilities.
No comments:
Post a Comment