function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
mattpick1mattpick1 

VF homepage component non-secure items

Hi,

 

I am including a simple VF page (for now just the default 'Congratulations'example) in the left hand navigation section of the homepage (so it will be loaded each time a new page is navigated to).

 

To achieve this I have used the suggested IFRAME option:

 

<iframe src="/apex/test2" width="10" frameborder="0" height="10"></iframe>
 
Unfortunately I keep getting the IE security warning that this page contains unsecure items, do I wish to load it.In Firefox it works fine.
 
If I navigate manually to the page there is no security issue (as you would expect as it is the very simple VF default page). So there must be something wrong with the way I'm using the iframe...can anyone immediately point out where I am being stupid?
 
Thank you! 
 
 
Message Edited by mattpick1 on  10-20-2009 03:46 AM


JmBessonartJmBessonart
The IE warning is because the browser think that you are mixing https and http pages. To avoid this i suggest use the <apex:iframe> component.
 
 
<apex:iframe src="{!$Page.test2}" id="theIframe"/>

 
 I hope this solve the problem.
 
Regards,
J. 
 


mattpick1mattpick1
The trouble is I'm adding a custom homepage component and there is no option to use apex - I can either add a link, an image or an HTML area. I'm using the <iframe> HTML tags in my HTML area.
 
Seems strange there is no option to use a VF page though!
 
Is there a way of embedding the apex in the html...? Why does IE think there are non-secure items?
 
Thanks for your help! 


JmBessonartJmBessonart
- Is there a way of embedding the apex in the html...? 
 No...  
 
- Why does IE think there are non-secure items?
I think in your case you don't have http and https, but maybe you have to differents domain in your https url, like 
https://na6.salesforce.com and https://namespaceprefix.na6.visual.force.com/apex/test2
 


mattpick1mattpick1
Yes that's right, the homepage is at:
 
https://na5.salesforce.com/home/home.jsp
 
and the VF page is at:
 
https://c.na5.visual.force.com/apex/test2
 
Is there a way of ensuring they're in the same domain? Otherwise everyone must get this issue when they try and use a VF page as a custom homepage component... 
 
 


JmBessonartJmBessonart
You going to have the same domain when you put the iframe in a visualforce page too, becuase you going to have 
https://c.na5.visual.force.com/apex/xxxxx and your iframe url 
https://c.na5.visual.force.com/apex/test2. The problem is when you enter in the VF standard pages.
 
I don't think you have a "easy" way to avoid this... maybe you can research to do it with javascript or jquery, but this is a securty warning, and that's why they exist :D
 
This is just an idea:
 
<script>
$(document).ready(function (){
    $.ajaxSetup({
                'beforeSend' : function(xhr) {
                    xhr.overrideMimeType('text/html; charset=iso-8859-1');
                },
            });   
    $("#leftPageContent").load("{!$Page.test2}");  
}
</script>

<div id="leftPageContent"></div>
 
 
 
 
J. 


mattpick1mattpick1
Couldn't get that to work, but thanks very much for your advice. As it's ok in Firefox and for all I know may be ok in later versions of IE (I'm testing on IE6) I'm just going to enable the 'mixed content' option in the browser security...not ideal but I can't spend more time on this.
 
I think there should be an option to make a VF page a custom homepage component instead of having to do it this way with HTML and an iframe...
 
Thanks again! 


Ajay111Ajay111
<iframe src="https://c.na5.visual.force.com/apex/test2" width="10" frameborder="0" height="10"></iframe>
 
Use this code