You need to sign in to do that
Don't have an account?
VF homepage component non-secure items
Hi,
I am including a simple VF page (for now just the default 'Congratulations'example) in the left hand navigation section of the homepage (so it will be loaded each time a new page is navigated to).
To achieve this I have used the suggested IFRAME option:
<iframe src="/apex/test2" width="10" frameborder="0" height="10"></iframe>
Unfortunately I keep getting the IE security warning that this page contains unsecure items, do I wish to load it.In Firefox it works fine.
If I navigate manually to the page there is no security issue (as you would expect as it is the very simple VF default page). So there must be something wrong with the way I'm using the iframe...can anyone immediately point out where I am being stupid?
Thank you!
The IE warning is because the browser think that you are mixing https and http pages. To avoid this i suggest use the <apex:iframe> component.
<apex:iframe src="{!$Page.test2}" id="theIframe"/>
I hope this solve the problem.
Regards,
J.
The trouble is I'm adding a custom homepage component and there is no option to use apex - I can either add a link, an image or an HTML area. I'm using the <iframe> HTML tags in my HTML area.
Seems strange there is no option to use a VF page though!
Is there a way of embedding the apex in the html...? Why does IE think there are non-secure items?
Thanks for your help!
- Is there a way of embedding the apex in the html...?
No...
- Why does IE think there are non-secure items?
I think in your case you don't have http and https, but maybe you have to differents domain in your https url, like
https://na6.salesforce.com and https://namespaceprefix.na6.visual.force.com/apex/test2
Yes that's right, the homepage is at:
https://na5.salesforce.com/home/home.jsp
and the VF page is at:
https://c.na5.visual.force.com/apex/test2
Is there a way of ensuring they're in the same domain? Otherwise everyone must get this issue when they try and use a VF page as a custom homepage component...
https://c.na5.visual.force.com/apex/xxxxx and your iframe url
https://c.na5.visual.force.com/apex/test2. The problem is when you enter in the VF standard pages.
I don't think you have a "easy" way to avoid this... maybe you can research to do it with javascript or jquery, but this is a securty warning, and that's why they exist :D
This is just an idea:
<script> $(document).ready(function (){ $.ajaxSetup({ 'beforeSend' : function(xhr) { xhr.overrideMimeType('text/html; charset=iso-8859-1'); }, }); $("#leftPageContent").load("{!$Page.test2}"); } </script> <div id="leftPageContent"></div>
J.
Couldn't get that to work, but thanks very much for your advice. As it's ok in Firefox and for all I know may be ok in later versions of IE (I'm testing on IE6) I'm just going to enable the 'mixed content' option in the browser security...not ideal but I can't spend more time on this.
I think there should be an option to make a VF page a custom homepage component instead of having to do it this way with HTML and an iframe...
Thanks again!
<iframe src="https://c.na5.visual.force.com/apex/test2" width="10" frameborder="0" height="10"></iframe>