English 中文(简体)
ckeditor 3.0 causes "unauthenticated content" when simply included on an HTTPS page
原标题:

When I include ckeditor aka fckeditor (version 3.0.1 revision 4391), which I downloaded from their site last week, into a page that is SSL encrypted, I get the Firefox broken lock icon and the warning "Warning: contains unauthenticated content". However, IE8 doesn t give this error at all. I checked the headers (Live HTTP headers), and everything is being included VIA SSL. Anyone have any solutions regarding this?

This happens by just including the script, like so <script type="text/javascript" src="/js/manager/settings.js"></script>

问题回答

I also found the same problem on our secure portal. Only those web pages using the "ckeditor.js" is giving this warning.

Tried for some time searching through the ckeditor js files to find anywhere which uses http instead of https.

"plugins/flash/dialogs/flash.js" is having the embed from "http://macromedia blah blah...". Changing it to "https://macromedia .. blah blah..." did not solve it although our general flash embedded pages works fine with this workaround. :(

I will try to find out some more in the code... tonight.

If you find solution please put it here...

[http://dev.fckeditor.net/ticket/3905][1]

This will be fixed on 3.1.x onwards as it says.

trying to checkout a development tag.

Checked out CKEditor from a development branch under 3.1.x

This is great! the warning is gone.

时间:2010-01-22 07:07:09


上一篇:
下一篇:


相关问题
Signed executables under Linux

For security reasons, it is desirable to check the integrity of code before execution, avoiding tampered software by an attacker. So, my question is How to sign executable code and run only trusted ...

时间:2009-11-14 01:34:19 回答:10 展示:1
MALICIOUS_CODE EI_EXPOSE_REP Medium

I run findbugs against all of my code and only tackle the top stuff. I finally got the top stuff resolved and now am looking at the details. I have a simple entity, say a user: public class User ...

时间:2009-11-14 00:40:10 回答:5 展示:1
XSS on jsbin.com

Anyone know if jsbin.com implements any protection for XSS or other javascript attacks? I see jsbin links used fairly regularly on sites like this one and I can t find any indication from the site ...

时间:2009-11-14 00:18:21 回答:1 展示:1
Make md5 strong

Im making a website that will intergrate with game that only support md5 hashing metod (atm). Which ofc is not especially safe anymore. But how could i make it stronger? Should I just generate long ...

时间:2009-11-13 18:59:37 回答:5 展示:1
Why running a service as Local System is bad on windows?

I am trying to find out the difference between difference service account types. I tumbled upon this question. The answer was because it has powerful access to local resources, and Network Service ...

时间:2009-11-13 16:51:19 回答:5 展示:1
Brute-force/DoS prevention in PHP [closed]

I am trying to write a script to prevent brute-force login attempts in a website I m building. The logic goes something like this: User sends login information. Check if username and password is ...

时间:2009-11-13 05:37:34 回答:5 展示:1
热门标签

友情链接

Allggapp Alljchome-教程家园 mvfinale.com-影视剧情大结局大全