Security warnings & information alerts in IE
Hi there,
I have a new data entry VF page (and Apex Class). When accessing the page in Internet Explorer, I had been receiving a Security Warning (The current Web page is trying to open a site in your Trusted sites list. Do you want to allow this?). I added https://c.<servername>.visualforce.com to my Trusted sites, which gets rid of the Security Warning, but now I get a Security Information alert (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?).
Is there another setting in IE that will suppress this Security Information alert, or do we need to modify the Apex Class/VF page? Most of my users primarily use IE, so while I know Firefox handles this differently, I can't easily transition them all to Firefox and I don't want them to see this message every time they use the page in IE.
Any ideas? Your replies are greatly appreciated!
Kristin
Hi,
Your best bet is to find the items that are causing the security problem in the first place. Anything that has http:// rather than https:// will be the offender. Remember, the security warnings are there for a reason. They show the user that not all items are managed under the https security protocol and data submitted by them will be sent in plain text.
If you need images, scripts or other items, you could think about adding them to a static resource so they are then inside the https domain.
R.
All Answers
After a little more searching, I see one option is to disable mixed content within IE (Internet Options - Security - Internet - Custom Level - Miscellaneous - Display Mixed Content = ENABLE).
While this solves the immediate problem, we're not keen on disabling for all sites.
Will be interested in hearing best practices for addressing this within the Visualforce page.
Thanks for leading me in the right direction, Richard. I think I've found the problem. While we are using static resources within the page, I see that one of our static resources includes http:// references (for a stylesheet).
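An added example, not part of the original thread: a Python sketch of the check suggested above, listing the http:// subresources in a page's rendered HTML and in a static resource's CSS. The function names, host names and sample markup are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Tag -> attribute the browser fetches as a subresource. <a href> is
# navigation, not mixed content, so it is deliberately absent.
FETCHED = {"script": "src", "img": "src", "iframe": "src", "embed": "src",
           "audio": "src", "video": "src", "source": "src",
           "object": "data", "link": "href"}
# http:// targets of CSS url(...) and @import "..."
CSS_URL = re.compile(r"""(?:url\(\s*|@import\s+)['"]?(http://[^'")\s;]+)""", re.I)

def find_insecure_in_css(css):
    """Return the http:// URLs a stylesheet would load."""
    return CSS_URL.findall(css)

class _Finder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits, self._in_style = [], False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        self._in_style = self._in_style or tag == "style"
        for url in find_insecure_in_css(attrs.get("style") or ""):
            self.hits.append((tag + "[style]", url))
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # only stylesheet links are checked; rel="canonical" is not fetched
        url = attrs.get(FETCHED.get(tag, ""), "") or ""
        if url.lower().startswith("http://"):
            self.hits.append((tag, url))

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:
            self.hits += [("style", u) for u in find_insecure_in_css(data)]

def find_insecure_in_html(markup):
    """Return (tag, url) pairs for http:// subresources in rendered HTML."""
    finder = _Finder()
    finder.feed(markup)
    finder.close()
    return finder.hits

# Constructed samples (hypothetical hosts), standing in for a rendered page and a CSS file.
SAMPLE_HTML = """<head><link rel="stylesheet" href="http://cdn.example.com/theme.css">
<style>body { background: url('http://img.example.com/bg.png'); }</style></head>
<body><img src="https://c.example.visualforce.com/resource/logo.png" />
<script src="http://js.example.com/lib.js"></script>
<a href="http://www.example.com/help">Help</a></body>"""
SAMPLE_CSS = '@import "http://fonts.example.com/f.css";\n.a { background: url(/resource/a.png); }'
```

Run it over the saved page source and over each text file unpacked from a static resource; every hit is a reference to move to https:// or into the static resource itself.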
Another tip -
If you have an image stored as a static resource, this tag
<apex:image url="{!URLFOR($Resource.Cloud2MailLogo)}" />
generates an IE security warning (Firefox does not seem to care).
But this tag works fine.
<apex:image url="{!$Resource.Cloud2MailLogo}" />
Apparently the URLFOR function generates an http:// link, not an https:// link.