GWT应用程序生成IE不安全项目警告 [英] GWT application generating IE insecure item warning
问题描述
我们的服务通过HTTPS运行,目前我们正在尝试在其中运行一个已编译的GWT应用程序,只有客户端,没有RPC:s。
包含在IFRAME中,这似乎是推荐的(例如: http://developerlife.com/教程/?p = 231 ,标题为HTTPS和HTTP)。
在GWT应用程序中执行某些操作时,它会生成一个不安全的项目警告。
http://bagonca.com/insecure_item.png
<你可能会问自己,为什么我不使用一些漂亮的Firefox插件来查看可能通过http的请求。或者为什么我不使用Internet Explorer中的HTTPWatch出于同样的原因。我有。没有任何不安全的请求,我可以在任何地方找到。
另一方面,我所读到的是Internet Explorer针对未设置src属性的iframe引发此警告。对于任何动态填充的iframe,可能的解决方法是使用src =javascript:false。
正如我所说的,整个应用程序通过IFRAME包含在内,并且GWT自己生成隐藏的IFRAME,如下所示。
< iframe tabIndex = - 1id =gwt-appsrc =javascript:''style =border-bottom:medium none; position:absolute; border-left:medium none; width:0px; height:0px; border-top:medium none; border-right:medium none;>
我试着将上面的src属性硬编码到实际存在的空白页面, HTTPS在同一个域上。我试过javascript:false;做法。没有运气。该应用程序就像一个魅力,但IE会抛出无用的和虚假的警告。
当我在应用程序中执行某些操作时发生此警告,而不是在加载时。实际上,在 http://code.google.com/p/gwt中拖放约会-calendar / 组件。
有没有人遇到过类似的问题?任何线索?
还有其他Javascript代码片段也会导致问题。请参阅:
http://blog.httpwatch.com/2009/09/17/even-more-problems-with-the-ie-8-mixed-content-警告/
另外,请仔细阅读以下内容:
http://blog.httpwatch.com/2009/04/23/fixing-the-ie-8-warning-do-you-want-to-view-only-该网页内容已被交付安全/
一些评论者发现并修复了其他警告原因。 p>
Our service runs over HTTPS and we're currently experimenting with running a compiled GWT-application within it, only client side, no RPC:s.
It is included within an IFRAME, which seems to be recommended (here for example: http://developerlife.com/tutorials/?p=231 under the heading HTTPS and HTTP).
When doing certain operations within the GWT-app, IE it generates an insecure item warning.
http://bagonca.com/insecure_item.png
You may ask yourself why I don't use some nifty Firefox plugin to see what request might be over http. Or why I don't use HTTPWatch in Internet Explorer for the same reason. I have. There are no insecure requests that I can find, anywhere.
What I have read about on the other hand is that Internet Explorer throws this warning for iframes without the src attribute set. And that a potential fix is using src="javascript:false" for any iframe that is populated dynamically.
As I've said, the whole app is included via an IFRAME, and within it GWT itself generates a hidden IFRAME that looks like below.
<iframe tabIndex="-1" id="gwt-app" src="javascript:''" style="border-bottom: medium none; position: absolute; border-left: medium none; width: 0px; height: 0px; border-top: medium none; border-right: medium none;">
I've tried hard coding the src attribute above to a blank page that actually exists and is called with HTTPS on the same domain. I've tried the javascript:false; approach. No luck. The app works like a charm, but IE throws the useless, and false warning.
The warning turns up when I do certain actions within the app, not when it is loaded. Actually when dragging and dropping appointments within the http://code.google.com/p/gwt-calendar/ component.
Has anyone tangled with a similar issue before? Any clues?
There other snippets of Javascript that can also cause a problem. Please see:
http://blog.httpwatch.com/2009/09/17/even-more-problems-with-the-ie-8-mixed-content-warning/
Also, have a look through the pile of comments on:
Some of the commenters have found and fixed other causes of the warning too.
这篇关于GWT应用程序生成IE不安全项目警告的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
