Bug 37549 - IE gives mixed security warning in Site tab
Summary: IE gives mixed security warning in Site tab
Status: NEW
Alias: None
Product: Lenya
Classification: Unclassified
Component: Navigation Framework (show other bugs)
Version: 1.2.4
Hardware: All All
: P3 normal
Target Milestone: 1.2.6
Assignee: Lenya Developers
Depends on:
Reported: 2005-11-17 20:49 UTC by BobHarner
Modified: 2007-04-26 08:52 UTC (History)
0 users


Note You need to log in before you can comment on or make changes to this bug.
Description BobHarner 2005-11-17 20:49:26 UTC
The bug that Lee Carroll described at
still exists in Lenya 1.2.4 and the 1.2.X branch.  For Lenya sites using SSL, IE
gives a mixed security warning ("This page contains both secure and nonsecure
items") when one accesses the site tab.

As a work-around, users can disable this warning in IE (Tools > Internet Options
> Security > Custom Level > Display mixed content).  But the real bug appears to
be in how the javascript code (lenya/resources/javascript/navtree.js) generates
URL's to gif's.  Lee's work-around of hard-coding the scheme and host in the
definition of IMAGE_PATH in line 53 of lenya/xslt/info/root.xsl is effective,
but we need to replace that hard-coded scheme and host with an <xsl:value-of
SOMETHING>.  What is that SOMETHING?  Alternatively, we could change how
navtree.js uses IMAGE_PATH so that the scheme and host are included when the
javascript runs.

The original line in root.xsl is:

IMAGE_PATH = "<xsl:value-of select="$contextprefix"/>/lenya/images/tree/";
Comment 1 Josias Thoeny 2005-11-18 09:35:29 UTC
The scheme and host you have to prepend are defined in publication.xconf, right?
Maybe the ProxyUrlModule could be extended to get these parameters. They could
then be passed from the sitemap to the xsl which assigns the image path.
Would this solve the problem?
Comment 2 J 2007-04-26 07:21:21 UTC
is anyone currently using an SSL proxy and can reproduce this patch with the
current trunk?
Comment 3 Richard Frovarp 2007-04-26 08:49:43 UTC
This isn't an issue for 1.4 from the site tab. It is an issue from the live tab
in 1.4.