如何解决这个安全问题 [英] How to overcome this security issue

问题描述

我已经实现调用在每10秒的服务器控制器的操作一个Ajax投票脚本。有了回应，我更换的内容 DIV ：

I have implemented an ajax-polling script that calls an action in the server Controller every 10 seconds. With the response, I replace the content of a div:

function getFoo() {
    var link = '/Secure/GetFoo';

    $.post(link, function (response) {
        $('#FooSection').replaceWith(response);
    });

    setTimeout("getFoo();", 10000);
}

这是通过的 HTTPS 的完成。之后被闲置一段时间后，IE浏览器会显示以下信息：

This is done through https. After some time of being "idle", IE displays the following message:

本页面被访问信息   不在其控制下。本   会带来安全风险。你想要_____吗   继续吗？

This page is accessing information that is not under its control. This poses a security risk. Do you want to continue?

如果用户点击的是的，页面被重定向到 DIV 只显示响应。如果用户点击的没有的，什么也没有发生，但 DIV 容器将不会被刷新。

If the user clicks Yes, the page is redirected to the div displaying the response only. If the user clicks No, nothing happens, but the div container will not be refreshed.

我知道<一个href="http://answers.microsoft.com/en-us/ie/forum/ie8-windows_other/how-do-i-get-rid-of-this-page-is-accessing/ca546963-a4df-4ff0-b524-5d46c1232b15">I可以燮preSS此消息通过浏览器设置，但这样做只是让我到一个默认的是的选择根据上面的对话框。

I know I can suppress this message through browser settings, but that will just bring me to a default Yes selection as per the above dialog.

有一个类似的问题一直是<一href="http://stackoverflow.com/questions/1890565/how-to-sup$p$pss-this-page-is-accessing-information-not-under-its-control">asked 过，但遗憾的是没有发生过任何的解决方案。我基本上要赚上的安全连接我的Ajax的民意调查工作。任何想法？

A similar issue has been asked before, but unfortunately there hasn't been any solution. I basically want to make my ajax-polling work even on a secure connection. Any ideas?

推荐答案

您应该永远也看不到一个以互联网为区域页面上的对话。默认情况下，该操作被静默，并自动阻止Internet区域。

You should never see that dialog on an Internet-Zone page. By default, this operation is silently and automatically blocked in the Internet Zone.

有两个根本原因出现在Intranet区域的对话框：

There are two root causes for that dialog to appear in the Intranet zone:

1>如果试图这样做使用XMLHTT prequest对象跨域请求(http://blogs.msdn.com/b/ieinternals/archive/2011/04/22/ie-security-prompt-page-accessing-cross-domain-information-not-under-its-control.aspx)

1> Attempting to do a cross-origin request using the XMLHTTPRequest object (http://blogs.msdn.com/b/ieinternals/archive/2011/04/22/ie-security-prompt-page-accessing-cross-domain-information-not-under-its-control.aspx)

2>试图浏览一个对象标记托管HTML到跨源页。

2> Attempting to navigate an OBJECT Tag hosting HTML to a cross origin page.

您可以避开情况＃1使用代替XMLHTT prequest XDomainRequest。 您可以避免情况＃2通过使用OBJECT标签的IFRAME来代替。

You can avoid case #1 by using XDomainRequest instead of XMLHTTPRequest. You can avoid case #2 by using an IFRAME instead of an OBJECT tag.

这篇关于如何解决这个安全问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！