function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion

apex:flash tag causes "This page contains both secure and nonsecure items."

I'm using the visualforce flash tag:


<apex:flash src="{!$Resource.FlashApplication}"
         width="100%" height="100%"
         flashvars="session_id={!$Api.Session_ID}&server_url={!$Api.Partner_Server_URL_90}" />



However when loading the visualforce page the prompt "This page contains both secure and nonsecure items." appears.  When the  <apex:flash is commented out, the page loads without the prompt.


Any ideas?


I had a similar problem with some Javascript code I was working with. This happens when you have a page served over https and parts of the code are making call-outs or are being served from the local cache or over http. Take a look at this page and see if any of these are causing your issue. It seems like the most common is making a call-out to a 3rd party service over http or using an Adobe library that you need to include over http.


-- Matt


Thanks for the reply Matt,


I agree, if I had written custom javascript code I would be able to track down the issue.


The thing is, the issue has something to do with the actual html/script outupt generated when using the "<apex:flash" tag which is a standard visualforce component .


Do you get an error regardless of what's containted in your .swf? So if you use a very basic "hello world" type flash component do you still get the same error?


-- Matt



Literally showing a button.



<?xml version="1.0" encoding="utf-8"?>
<mx:Application xmlns:mx="" layout="absolute">
    <mx:Button label="Test button">


I've encountered the same problem - is there a solution to this?


When embedding a flex swf via the apex:flash tag like this:


<apex:page standardController="Contact" extensions="GetSessionControllerExtension">  
    <apex:flash src="{!$Resource.FlexPOC}" 
        width="600" height="300" 
        flashvars="userId={!$User.Id}&session_id={!MySessionId}&server_url={!$Api.Partner_Server_URL_150}" />  
(session id workaround included here)


I get the security warning.  The one thing I see that might be the culprit in the rendered html is this http reference:


<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="" height="300" id="j_id0:j_id1:flash" width="600">


As an alternate approach, I'm embedding the object tag manually:


<apex:page >
<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
  id="FlexTree" width="282" height="421"
  <param name="movie" value="{!$Resource.FlexPOC}" />
  <param name="quality" value="high" />
  <param name="bgcolor" value="#869ca7" />
  <param name="allowScriptAccess" value="sameDomain" />
  <param name="flashvars" value="session_id={!$API.Session_ID}&server_url={!$API.Partner_Server_URL_150}" />
  <embed src="{!$Resource.FlexPOC}" quality="high" bgcolor="#869ca7"
    width="282" height="421" name="FlexTree" align="middle"


And this works fine, but I'd rather not have to do that.  How are other folks approaching this issue?


I had to use object tag instead of apex:flash for the same reason. 

Salesforce should fix this.  

IE Security warning pop up can be tackled by changing the IE settings.
Internet Options - Security - Internet - Custom Level - Miscellaneous - Display Mixed Content = ENABLE

It worked for me, let me know if you guys have luck....





IE Security warning pop up can be tackled by changing the IE settings.
Internet Options - Security - Internet - Custom Level - Miscellaneous - Display Mixed Content = ENABLE




Vivek Viswanathan