Bug #60886

Backend via https throws "SEC7111: HTTPS security is compromised by res://ieframe.dll/dnserrordiagoff.htm" in IE

Added by Marco Huber over 5 years ago. Updated about 1 year ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2014-08-11
Due date:
% Done:

100%

TYPO3 Version:
6.2
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

Our beloved InternetExplorer has a problem with javascript:false as Ext.SSL_SECURE_URL.

When you open the backend, than there is a hidden iFrame (typo3-navigationIframe) with an empty src attribute and the IE uses javascript:false as src (default for Ext.SSL_SECURE_URL [1]).
When you open the backend via https, the IE wants to show res://ieframe.dll/dnserrordiagoff.htm because javascript:false is not a valid url. But this is detected as an unsecure resource. So you see this warning in the developer tools: "SEC7111: HTTPS security is compromised by res://ieframe.dll/dnserrordiagoff.htm"

Setting the URL to the clear.gif as Ext.SSL_SECURE_URL in typo3/sysext/core/Classes/Page/PageRenderer.php helps and doesn't create too much unnecessary traffic.

[1] http://dev.sencha.com/playpen/docs/output/Ext.html#SSL_SECURE_URL

Associated revisions

Revision ecf260d3 (diff)
Added by Marco Huber almost 5 years ago

[BUGFIX] Set Ext.SSL_SECURE_URL to prevent https issues in IE

Ext.SSL_SECURE_URL is javascript:false by default. But this throws the error
"SEC7111: HTTPS security is compromised by res://ieframe.dll/dnserrordiagoff.htm"
in IE. To prevent this we can use the clear.gif URL which is a valid
URL and doesn't create too much traffic

Resolves: #60886
Releases: master, 6.2
Change-Id: I618815318aab3f39aaca54e92ebec4f3d79827c4
Reviewed-on: http://review.typo3.org/32083
Reviewed-by: Anja Leichsenring <>
Tested-by: Anja Leichsenring <>
Reviewed-by: Wouter Wolters <>
Tested-by: Wouter Wolters <>

Revision 607cff3f (diff)
Added by Marco Huber almost 5 years ago

[BUGFIX] Set Ext.SSL_SECURE_URL to prevent https issues in IE

Ext.SSL_SECURE_URL is javascript:false by default. But this throws the error
"SEC7111: HTTPS security is compromised by res://ieframe.dll/dnserrordiagoff.htm"
in IE. To prevent this we can use the clear.gif URL which is a valid
URL and doesn't create too much traffic

Resolves: #60886
Releases: master, 6.2
Change-Id: I618815318aab3f39aaca54e92ebec4f3d79827c4
Reviewed-on: http://review.typo3.org/35428
Reviewed-by: Wouter Wolters <>
Tested-by: Wouter Wolters <>

History

#1 Updated by Gerrit Code Review over 5 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/32083

#2 Updated by Gerrit Code Review over 5 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/32083

#3 Updated by Marco Huber over 5 years ago

As workaround I use this:

ext_tables.php

$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['typo3/backend.php']['renderPreProcess'][] =
    \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::extPath($_EXTKEY) . 'Classes/Hooks/BackendController.php:BGM\\BgmThemePage\\Hooks\\BackendController->addJSCSS';

BackendController.php

<?php
namespace BGM\BgmThemePage\Hooks;
class BackendController {

    /**
     * wrapper function called by hook (\TYPO3\CMS\Backend\Controller\BackendController->renderPreProcess)
     *
     * @param    array $hookConfiguration
     * @param    \TYPO3\CMS\Backend\Controller\BackendController $backendController : The parent object that triggered this hook
     * @return    void
     */
    public function addJSCSS($hookConfiguration, \TYPO3\CMS\Backend\Controller\BackendController &$backendController) {
        $backendController->getPageRenderer()->addJsLibrary('tx_bgmthemepage_forgeissue60886', '../typo3conf/ext/bgm_theme_page/Resources/Public/Javascript/Backend.js', $type = 'text/javascript', $compress = FALSE, $forceOnTop = TRUE, $allWrap = '', $excludeFromConcatenation = TRUE, $splitChar = '|');
    }
}

if (defined('TYPO3_MODE') && isset($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['ext/bgm_theme_page/Classes/Hooks/BackendController.php'])) {
    include_once($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['ext/bgm_theme_page/Classes/Hooks/BackendController.php']);
}

I have to use $backendController->getPageRenderer()->addJsLibrary() and not addJsInlineCode(), because addJsInlineCode is too late.

Backend.js

Ext.SSL_SECURE_URL = "gfx/clear.gif";

#4 Updated by Gerrit Code Review almost 5 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/32083

#5 Updated by Gerrit Code Review almost 5 years ago

Patch set 1 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/35428

#6 Updated by Marco Huber almost 5 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#7 Updated by Benni Mack about 1 year ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF