Bug 793924 (JBEPP-995)

Summary: IE 6 displays "This page contains both secure and nonsecure items" on every pages when using SSL
Product: [JBoss] JBoss Enterprise Portal Platform 4 Reporter: Masafumi Miura <mmiura>
Component: PortalAssignee: Thomas Heute <theute>
Status: CLOSED NEXTRELEASE QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: 4.3.0.GA_CP6CC: epp-bugs, minamoto
Target Milestone: ---   
Target Release: 4.3.0.GA_CP7   
Hardware: Unspecified   
OS: Unspecified   
URL: http://jira.jboss.org/jira/browse/JBEPP-995
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
JBoss EPP 4.3 CP06 Internet Explorer 6 Enabling SSL
Last Closed: 2011-09-06 16:02:53 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
JBEPP-995-proposal.patch none

Description Masafumi Miura 2011-07-05 14:31:25 UTC 
Affects: Release Notes
Help Desk Ticket Reference: https://na7.salesforce.com/500A0000007ou02
project_key: JBEPP

It looks a same issue which was reported in JBPORTAL-2012.

The following patch suggested in the above JIRA seems to fix the issue. At least it resolved the issue in my local test. However, I am not sure if this is a good way to fix the issue or if it breaks anything else. Could you review the patch?

{noformat} 
Index: core/src/bin/portal-core-war/layouts/common/modal_body.jsp
===================================================================
--- core/src/bin/portal-core-war/layouts/common/modal_body.jsp	(revision 14000)
+++ core/src/bin/portal-core-war/layouts/common/modal_body.jsp	(working copy)
@@ -1,5 +1,5 @@
    <div id="login-modal" style="display:none">
       <div id="login-modal-msg" style="display:none;width:257px;height:157px">
-      <iframe src="" frameborder="0" width="257" height="157" scrolling="no" marginheight="0" marginwidth="0" name="login-content" class="login-content" id="loginIframe"></iframe>
+      <iframe src="javascript:" frameborder="0" width="257" height="157" scrolling="no" marginheight="0" marginwidth="0" name="login-content" class="login-content" id="loginIframe"></iframe>
       </div>
-   </div>
\ No newline at end of file
+   </div>
Index: core/src/resources/portal-core-war/WEB-INF/jsp/header/header.jsp
===================================================================
--- core/src/resources/portal-core-war/WEB-INF/jsp/header/header.jsp	(revision 14000)
+++ core/src/resources/portal-core-war/WEB-INF/jsp/header/header.jsp	(working copy)
@@ -51,7 +51,7 @@
 <script type="text/javascript">
    /* <![CDATA[ */
    //we don't need the iframe/modal if logged in
-   document.getElementById('loginIframe').src = '';
+   document.getElementById('loginIframe').src = "javascript:''";
    /* ]]> */
 </script>
 <%= rb.getString("LOGGED") %>: <%= principal.getName() %><br/><br/>
{noformat}
Comment 1 Masafumi Miura 2011-07-05 14:34:13 UTC 
Attachment: Added: JBEPP-995-proposal.patch
Comment 3 Scott Mumford 2011-07-12 05:52:35 UTC 
Release Notes Docs Status: Added: Not Yet Documented
Comment 4 Jared MORGAN 2012-01-23 04:37:57 UTC 
Release Notes Docs Status: Removed: Not Yet Documented Added: Documented as Resolved Issue
Release Notes Text: Added: IE 6 displayed "This page contains both secure and nonsecure items" on every page when users were authenticated using SSL. While IE6 was honoring the information it received in the header.jsp, this caused unnecessary modal dialog boxes to display every time a page with mixed content was opened. The fix implements changes to the header.jsp to correctly detect when a user is authenticated, and prevents the dialog boxes from opening.
Comment 5 Thomas Heute 2012-01-24 16:11:45 UTC 
Link: Added: This issue relates to JBEPP-1483