+ Start a Discussion
mattpick1mattpick1 

VF homepage component non-secure items

Hi,

 

I am including a simple VF page (for now just the default 'Congratulations'example) in the left hand navigation section of the homepage (so it will be loaded each time a new page is navigated to).

 

To achieve this I have used the suggested IFRAME option:

 

<iframe src="/apex/test2" width="10" frameborder="0" height="10"></iframe>

 

Unfortunately I keep getting the IE security warning that this page contains unsecure items, do I wish to load it.In Firefox it works fine.

 

If I navigate manually to the page there is no security issue (as you would expect as it is the very simple VF default page). So there must be something wrong with the way I'm using the iframe...can anyone immediately point out where I am being stupid?

 

Thank you!

 

 

Message Edited by mattpick1 on 10-20-2009 03:46 AM
JmBessonartJmBessonart

The IE warning is because the browser think that you are mixing https and http pages. To avoid this i suggest use the <apex:iframe> component.

 

 

<apex:iframe src="{!$Page.test2}" id="theIframe"/>

 

 I hope this solve the problem.

 

Regards,

J.

 

mattpick1mattpick1

The trouble is I'm adding a custom homepage component and there is no option to use apex - I can either add a link, an image or an HTML area. I'm using the <iframe> HTML tags in my HTML area.

 

Seems strange there is no option to use a VF page though!

 

Is there a way of embedding the apex in the html...? Why does IE think there are non-secure items?

 

Thanks for your help!

JmBessonartJmBessonart

- Is there a way of embedding the apex in the html...?

 No... 

 

- Why does IE think there are non-secure items?

I think in your case you don't have http and https, but maybe you have to differents domain in your https url, like 

https://na6.salesforce.com and https://namespaceprefix.na6.visual.force.com/apex/test2

 

mattpick1mattpick1

Yes that's right, the homepage is at:

 

https://na5.salesforce.com/home/home.jsp

 

and the VF page is at:

 

https://c.na5.visual.force.com/apex/test2

 

Is there a way of ensuring they're in the same domain? Otherwise everyone must get this issue when they try and use a VF page as a custom homepage component...

 

 

JmBessonartJmBessonart
You going to have the same domain when you put the iframe in a visualforce page too, becuase you going to have

https://c.na5.visual.force.com/apex/xxxxx and your iframe url

https://c.na5.visual.force.com/apex/test2. The problem is when you enter in the VF standard pages.

 

I don't think you have a "easy" way to avoid this... maybe you can research to do it with javascript or jquery, but this is a securty warning, and that's why they exist :D

 

This is just an idea:

 

<script> $(document).ready(function (){ $.ajaxSetup({ 'beforeSend' : function(xhr) { xhr.overrideMimeType('text/html; charset=iso-8859-1'); }, }); $("#leftPageContent").load("{!$Page.test2}"); } </script> <div id="leftPageContent"></div>

 

 

 

 

J.

mattpick1mattpick1

Couldn't get that to work, but thanks very much for your advice. As it's ok in Firefox and for all I know may be ok in later versions of IE (I'm testing on IE6) I'm just going to enable the 'mixed content' option in the browser security...not ideal but I can't spend more time on this.

 

I think there should be an option to make a VF page a custom homepage component instead of having to do it this way with HTML and an iframe...

 

Thanks again!

Ajay111Ajay111

<iframe src="https://c.na5.visual.force.com/apex/test2" width="10" frameborder="0" height="10"></iframe>

 

Use this code