Bug #60886
closed
Backend via https throws "SEC7111: HTTPS security is compromised by res://ieframe.dll/dnserrordiagoff.htm" in IE
100%
Description
Our beloved InternetExplorer has a problem with javascript:false as Ext.SSL_SECURE_URL.
When you open the backend, than there is a hidden iFrame (typo3-navigationIframe) with an empty src attribute and the IE uses javascript:false as src (default for Ext.SSL_SECURE_URL [1]).
When you open the backend via https, the IE wants to show res://ieframe.dll/dnserrordiagoff.htm because javascript:false is not a valid url. But this is detected as an unsecure resource. So you see this warning in the developer tools: "SEC7111: HTTPS security is compromised by res://ieframe.dll/dnserrordiagoff.htm"
Setting the URL to the clear.gif as Ext.SSL_SECURE_URL in typo3/sysext/core/Classes/Page/PageRenderer.php helps and doesn't create too much unnecessary traffic.
[1] http://dev.sencha.com/playpen/docs/output/Ext.html#SSL_SECURE_URL
Updated by Gerrit Code Review over 10 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/32083
Updated by Gerrit Code Review over 10 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/32083
Updated by Marco Huber over 10 years ago
As workaround I use this:
ext_tables.php
$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['typo3/backend.php']['renderPreProcess'][] =
\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::extPath($_EXTKEY) . 'Classes/Hooks/BackendController.php:BGM\\BgmThemePage\\Hooks\\BackendController->addJSCSS';
BackendController.php
<?php
namespace BGM\BgmThemePage\Hooks;
class BackendController {
/**
* wrapper function called by hook (\TYPO3\CMS\Backend\Controller\BackendController->renderPreProcess)
*
* @param array $hookConfiguration
* @param \TYPO3\CMS\Backend\Controller\BackendController $backendController : The parent object that triggered this hook
* @return void
*/
public function addJSCSS($hookConfiguration, \TYPO3\CMS\Backend\Controller\BackendController &$backendController) {
$backendController->getPageRenderer()->addJsLibrary('tx_bgmthemepage_forgeissue60886', '../typo3conf/ext/bgm_theme_page/Resources/Public/Javascript/Backend.js', $type = 'text/javascript', $compress = FALSE, $forceOnTop = TRUE, $allWrap = '', $excludeFromConcatenation = TRUE, $splitChar = '|');
}
}
if (defined('TYPO3_MODE') && isset($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['ext/bgm_theme_page/Classes/Hooks/BackendController.php'])) {
include_once($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['ext/bgm_theme_page/Classes/Hooks/BackendController.php']);
}
I have to use $backendController->getPageRenderer()->addJsLibrary() and not addJsInlineCode(), because addJsInlineCode is too late.
Backend.js
Ext.SSL_SECURE_URL = "gfx/clear.gif";
Updated by Gerrit Code Review almost 10 years ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/32083
Updated by Gerrit Code Review almost 10 years ago
Patch set 1 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/35428
Updated by Marco Huber almost 10 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset ecf260d35d098d7d612c49f1f7345140eaedc0ed.
Updated by