IE6& 7的原因是“此页面包含安全和非安全项目”。 [英] IE6&7 causes of "This page contains both secure and nonsecure items"
问题描述
我有一个在IE6& 7显示(错误)一个对话框,内容如下:
I have an HTTPS site that in IE6 & 7 displays (in error) a dialog that reads:
此页面包含安全和非安全项目
This page contains both secure and nonsecure items
你想显示不安全的项吗?
Do you want to display the nonsecure items?
这在任何适当的浏览器中都不会发生,但是网站是公司的,许多客户仍在Windows 2000和IE6上。
This doesn't happen in any proper browsers, but the site is corporate and lots of customers are still on Windows 2000 and IE6.
我熟悉(并已消除)此消息的以下可能原因:
I am familiar with (and have eliminated) the following possible causes of this message:
-
页面加载的一个或多个资源有
http://而不是https://- 这是显示错误的唯一合理原因,并且在工作浏览器中也会导致相同的消息。 Fiddler 可以识别加载的非安全资源,因此很容易修复。
One or more of the resources loaded with the page have
http://instead ofhttps://- this is the only legitimate reason to display the error, and would cause the same message in working browsers too. Fiddler can identify the resources loaded nonsecure, so this is easy to fix.
IE行为 .htc 加载文件以提供DHTML功能 - 即使从
IE behaviour .htc files are loaded to provide DHTML features - these often are treated as unencrypted even if delivered across from an https:// URL, which made them pretty useless even back when IE6 was new. It's not a good idea to use these in the first place.
IE将空帧视为非安全资源,因此< iframe src =或< iframe src =about:blank都会导致此错误。这很容易在代码中找到并修复。
IE treats empty frames as nonsecure resources, so <iframe src="" or <iframe src="about:blank" both cause this error. This is easy to find and fix in the code.
IE5用于在使用ActiveX XMLHTTP组件时以非安全方式发送AJAX请求。我不认为这是IE6及以上版本的问题。
IE5 used to send AJAX requests as nonsecure when using the ActiveX XMLHTTP component. I don't think this is an issue in IE6 and above.
IE 6或7不支持数据URI,也不会显示,但如果CSS中包含任何导致非安全警告的内容。对于不使用它们的IE,我们有不同的CSS。
Data-URIs are not supported by IE 6 or 7, and won't be displayed, but if any are included in the CSS that results in a nonsecure warning too. We have different CSS for IE that doesn't use them.
脚本标签源代码中的Javascript协议链接报告为非安全: < script type =text / javascriptsrc =javascript:void(0)> 清除 src 属性可轻松避免(谢谢Eric!)
Javascript protocol links in the source for script tags report as nonsecure: <script type="text/javascript" src="javascript:void(0)"> Easily avoided by clearing the src attribute (thanks Eric!)
没有加载外部库,页面或动态,没有使用CDN。我们确实使用了一些第三方插件,但它们是安全发送的,不会动态加载任何其他内容。
No external libraries are loaded, with the page or dynamically, and no CDN is used. We do use some third party plug ins, but they're delivered securely and don't dynamically load any further content.
<关于这个IE漏洞,这里有很多,但到目前为止我发现的所有问题都指出了我已经消除过的上述问题之一。
There's lots on here about this IE bug, but all I've found so far point to one of the issues above that I've already eliminated.
是否有IE6和IE中的任何其他错误7可能是导致此错误的原因?
Are there any other bugs in IE6 & 7 that could be the cause of this error?
有没有办法确定IE认为哪种资源是不安全的?
Is there any way to identify which resource IE thinks is the nonsecure one?
推荐答案
我找到了问题的根源,但需要进行一些挖掘。
I've found the source of the problem, but it took some digging.
首先 Eric Law 提出了原型工具(exe) 另一个答案,帮助确定问题。
Firstly Eric Law has come up with a prototype tool (exe) in another answer that helped identify the problem.
非安全资源是:
data:image/gif;base64,R0lGODlhAQABAAD/ACwAAAAAAQABAAACADs=
问题是IE6不支持数据URI,所以我们不使用它们。那么它来自哪里?
The problem is that IE6 doesn't support data URIs, so we don't use them. So where has this come from?
事实证明,jQuery UI 1.8是问题,特别是对 CSS中的另一个错误:
It turns out that jQuery UI 1.8 is the problem, specifically a fix for another bug in the CSS:
.ui-resizable-handle { position: absolute;font-size: 0.1px;z-index: 99999; display: block;
/* http://bugs.jqueryui.com/ticket/7233
- Resizable: resizable handles fail to work in IE if transparent and content overlaps
*/
background-image:url(data:image/gif;base64,R0lGODlhAQABAAD/ACwAAAAAAQABAAACADs=);
}
看起来像是其他人也发现了这个问题,并且已在最新的jQuery UI CSS(1.9或更高版本)中修复。
我的解决方法是将其替换为常规URL一个空白的GIF,问题解决了。
My fix was to replace that with a regular URL for a blank gif, problem solved.
这篇关于IE6& 7的原因是“此页面包含安全和非安全项目”。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
