Bug #60886

Backend via https throws "SEC7111: HTTPS security is compromised by res://ieframe.dll/dnserrordiagoff.htm" in IE

Added by Marco Huber almost 7 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2014-08-11
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
6.2
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

Our beloved InternetExplorer has a problem with javascript:false as Ext.SSL_SECURE_URL.

When you open the backend, than there is a hidden iFrame (typo3-navigationIframe) with an empty src attribute and the IE uses javascript:false as src (default for Ext.SSL_SECURE_URL [1]).
When you open the backend via https, the IE wants to show res://ieframe.dll/dnserrordiagoff.htm because javascript:false is not a valid url. But this is detected as an unsecure resource. So you see this warning in the developer tools: "SEC7111: HTTPS security is compromised by res://ieframe.dll/dnserrordiagoff.htm"

Setting the URL to the clear.gif as Ext.SSL_SECURE_URL in typo3/sysext/core/Classes/Page/PageRenderer.php helps and doesn't create too much unnecessary traffic.

[1] http://dev.sencha.com/playpen/docs/output/Ext.html#SSL_SECURE_URL

#1

Updated by Gerrit Code Review almost 7 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/32083

#2

Updated by Gerrit Code Review almost 7 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/32083

#3

Updated by Marco Huber almost 7 years ago

As workaround I use this:

ext_tables.php

$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['typo3/backend.php']['renderPreProcess'][] =
    \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::extPath($_EXTKEY) . 'Classes/Hooks/BackendController.php:BGM\\BgmThemePage\\Hooks\\BackendController->addJSCSS';

BackendController.php

<?php
namespace BGM\BgmThemePage\Hooks;
class BackendController {

    /**
     * wrapper function called by hook (\TYPO3\CMS\Backend\Controller\BackendController->renderPreProcess)
     *
     * @param    array $hookConfiguration
     * @param    \TYPO3\CMS\Backend\Controller\BackendController $backendController : The parent object that triggered this hook
     * @return    void
     */
    public function addJSCSS($hookConfiguration, \TYPO3\CMS\Backend\Controller\BackendController &$backendController) {
        $backendController->getPageRenderer()->addJsLibrary('tx_bgmthemepage_forgeissue60886', '../typo3conf/ext/bgm_theme_page/Resources/Public/Javascript/Backend.js', $type = 'text/javascript', $compress = FALSE, $forceOnTop = TRUE, $allWrap = '', $excludeFromConcatenation = TRUE, $splitChar = '|');
    }
}

if (defined('TYPO3_MODE') && isset($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['ext/bgm_theme_page/Classes/Hooks/BackendController.php'])) {
    include_once($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['ext/bgm_theme_page/Classes/Hooks/BackendController.php']);
}

I have to use $backendController->getPageRenderer()->addJsLibrary() and not addJsInlineCode(), because addJsInlineCode is too late.

Backend.js

Ext.SSL_SECURE_URL = "gfx/clear.gif";

#4

Updated by Gerrit Code Review over 6 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/32083

#5

Updated by Gerrit Code Review over 6 years ago

Patch set 1 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/35428

#6

Updated by Marco Huber over 6 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
#7

Updated by Benni Mack over 2 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF