Using secure connections (https)  XML
Forum Index -> General Help
Author Message

Joined: 17/Jul/2006 00:00:00
Messages: 84


I need to run an application using secure connection (https). The problem is that for every opened page I get the message "You have non secure elements ......". I tried to find a solution in the tutorials and forums with no succes.

So, can any one help me out on the steps neede to prepare my application so it runs using https?

Thanks a lot


Joined: 05/Jan/2007 00:00:00
Messages: 3

I have the same problem, and what I noticed is that icefaces generates an iframe with no src attribute.

If I add, manually, this attribute like this:

The message stops appearing.

I think that this is a bug and it should be fixed in icefaces' source code.

Any ideas?

Joined: 05/Jan/2007 00:00:00
Messages: 3

I added the following line:

iframe.setAttribute("src", "false;");

in com.icesoft.faces.context.DOMResponseWriter, after line 409 (using source code of version 1.5.1)

Then, I patched icefaces.jar with my new-compiled class. After this, the message stopped appearing.

I suggest ICEfaces team to include this fix in the official distribution.


Rodrigo L.
PS: See attached file
 Filename DOMResponseWriter.java [Disk] Download
 Description Fixed DOMResponseWriter
 Filesize 27 Kbytes
 Downloaded:  473 time(s)


Joined: 08/May/2006 00:00:00
Messages: 2989


Thanks, I've logged a bug for this and forwarded on your suggested fix.



Joined: 26/Oct/2004 00:00:00
Messages: 1332


Can someone please provide more information on how to reproduce the issue that is being discussed here?

- Where does the error appear (browser dialog window, etc.)
- What browser and version are you using when you see the problem.
- What other ICEfaces configurations are being used (async, sync, SSL, etc.).

We are having trouble reproducing the issue.


Ken Fyten
VP Product Development
ICEsoft Technologies, Inc.

Joined: 20/Nov/2006 00:00:00
Messages: 117

I see it as well when you have MSIE 6 with security settings that warn you on mixed page types (SSL and nonSSL together). MSIE gives a pop-up warning. It's not the SSL cert error or anything like that. It says your page contains both secure and non-secure items. Do you want to display the nonscure items?

All of my ice pages use paging tables and I see it on every ICE page. We use the latest version.

I do not get the error message on firefox.

Joined: 04/Oct/2007 00:00:00
Messages: 13

The DOMResponseWriter seems to have changed for version 1.6 but the bug is still there. Any suggestions on how to apply the fix for the newer version? Can this fix still work?

Joined: 04/Oct/2007 00:00:00
Messages: 13

My problem turned out to be a bug with selectInputText, caused by a line in ice-extras.js. Line 4931 builds an invalid url as it has a double forward-slash ('//'). This causes IE_6 to treat the iframe as though it had no source and thus it gives security warning. I'd suggest amending this line to:

new Insertion.After(this.update,"<iframe id=\""+this.update.id+"_iefix\" title=\"IE6_Fix\" "+"style=\"display:none;position:absolute;filter:progid:DXImageTransform.Microsoft.Alpha(opacity=0);\" "+"src=\""+configuration.connection.context+"xmlhttp/blank\" frameborder=\"0\" scrolling=\"no\"></iframe>");

The bug has been raised before but the fix that got into the current production code does not work without the change above.

Joined: 19/Mar/2007 00:00:00
Messages: 20

I have similar problem with IceFaces 1.6.2.
Error is shown when I tried to show modal popup panel on application runn on https protocol.
I investigate the problem, and found that in ice-extras.js in line 4216 is created iframe with src="about:blank", so I changed it to src="javascript:false" and now it is working.

But the only disadvantage of this change is that "false" is visible on left up corner on this iframe.

Also this iframe background color is not black, but it is not black always. Before this change also.

Joined: 06/Aug/2007 00:00:00
Messages: 8

I got the same problem with the new version:

Icefaces 1.7.1
IE 6.0 (SP2)
icefaces async = true
HTTPS connection

I do not get errors with popup-panels initiated by my view. The only problem is the popup that is displayed when the session is destroyed (user session expired") or the network connection is lost. With firebug you can see that the src-attribute of the iFrames that are rendered by the popups is not set. This causes the IE to display a warning that there is mixed content on the page.

Any chances that this will be fixed soon? Why is there no src-attribute set anyway like in the code the other popups render?

Looks like the same problem:
Forum Index -> General Help
Go to:   
Powered by JForum 2.1.7ice © JForum Team