function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion

VF homepage component non-secure items



I am including a simple VF page (for now just the default 'Congratulations'example) in the left hand navigation section of the homepage (so it will be loaded each time a new page is navigated to).


To achieve this I have used the suggested IFRAME option:


<iframe src="/apex/test2" width="10" frameborder="0" height="10"></iframe>


Unfortunately I keep getting the IE security warning that this page contains unsecure items, do I wish to load it.In Firefox it works fine.


If I navigate manually to the page there is no security issue (as you would expect as it is the very simple VF default page). So there must be something wrong with the way I'm using the iframe...can anyone immediately point out where I am being stupid?


Thank you!



Message Edited by mattpick1 on 10-20-2009 03:46 AM

The IE warning is because the browser think that you are mixing https and http pages. To avoid this i suggest use the <apex:iframe> component.



<apex:iframe src="{!$Page.test2}" id="theIframe"/>


 I hope this solve the problem.






The trouble is I'm adding a custom homepage component and there is no option to use apex - I can either add a link, an image or an HTML area. I'm using the <iframe> HTML tags in my HTML area.


Seems strange there is no option to use a VF page though!


Is there a way of embedding the apex in the html...? Why does IE think there are non-secure items?


Thanks for your help!


- Is there a way of embedding the apex in the html...?



- Why does IE think there are non-secure items?

I think in your case you don't have http and https, but maybe you have to differents domain in your https url, like and



Yes that's right, the homepage is at:


and the VF page is at:


Is there a way of ensuring they're in the same domain? Otherwise everyone must get this issue when they try and use a VF page as a custom homepage component...



You going to have the same domain when you put the iframe in a visualforce page too, becuase you going to have and your iframe url The problem is when you enter in the VF standard pages.


I don't think you have a "easy" way to avoid this... maybe you can research to do it with javascript or jquery, but this is a securty warning, and that's why they exist :D


This is just an idea:


<script> $(document).ready(function (){ $.ajaxSetup({ 'beforeSend' : function(xhr) { xhr.overrideMimeType('text/html; charset=iso-8859-1'); }, }); $("#leftPageContent").load("{!$Page.test2}"); } </script> <div id="leftPageContent"></div>







Couldn't get that to work, but thanks very much for your advice. As it's ok in Firefox and for all I know may be ok in later versions of IE (I'm testing on IE6) I'm just going to enable the 'mixed content' option in the browser security...not ideal but I can't spend more time on this.


I think there should be an option to make a VF page a custom homepage component instead of having to do it this way with HTML and an iframe...


Thanks again!


<iframe src="" width="10" frameborder="0" height="10"></iframe>


Use this code