使用IE和SSL编写Dojo-CodingDojowithIEandSSL

9  

After reviewing the Javascript sourcecode for Dijit, I thought it was likely the error results from an "insecure" refrence to a dynamically generated IFRAME. Note there are two versions of the script file, the uncompressed represents the original source (dijit.js.uncompressed.js) and the standard (dijit.js) has been compressed for optimal transfer time.

在查看Dijit的Javascript源代码之后,我认为错误可能是由对动态生成的IFRAME的“不安全”引起的。请注意,脚本文件有两个版本,uncompressed表示原始源(dijit.js.uncompressed.js),标准(dijit.js)已经过压缩以获得最佳传输时间。

Since the uncompressed version is the most readable, I will describe my solution based on that. At line #1023, an IFRAME is rendered in Javascript:

由于未压缩版本的可读性最高,我将基于此描述我的解决方案。在#1023行,IFRAME以Javascript呈现:

if(dojo.isIE){
    var html="";
    iframe = dojo.doc.createElement(html);
}else{...

What's the problem? IE doesn't know if the src for the IFRAME is "secure" - so I replaced it with the following:

有什么问题? IE不知道IFRAME的src是否“安全” - 所以我用以下内容替换它:

if(dojo.isIE){
    var html="";
    iframe = dojo.doc.createElement(html);
}else{...

This is the most common problem with Javascript toolkits and SSL in IE. Since IFRAME's are used as shims due to poor overlay support for DIV's, this problem is extremely prevalent.

这是IE中Javascript工具包和SSL最常见的问题。由于DIV的覆盖支持不良,IFRAME被用作垫片,因此这个问题非常普遍。

My first 5-10 page reloads are fine, but then the security error starts popping up again. How is this possible? The same page is "secure" for 5 reloads and then it is selected by IE as "insecure" when loaded the 6th time.

我的前5-10页重新加载很好,但随后又出现了安全错误。这怎么可能?对于5次重新加载,同一页面是“安全的”,然后当第6次加载时,它被IE选为“不安全”。

As it turns out, there is also a background image being set in the onload event for dijit.wai (line #1325). This reads something like this;

事实证明,在dijit.wai的onload事件中也设置了背景图像(第1325行)。这读起来像这样;

div.style.cssText = 'border: 1px solid;'
                  + 'border-color:red green;'
                  + 'position: absolute;'
                  + 'height: 5px;'
                  + 'top: -999px;'
                  + 'background-image: url("' + dojo.moduleUrl("dojo", "resources/blank.gif") + '");';

This won't work because the background-image tag doesn't include HTTPs. Despite the fact that the location is relative, IE7 doesn't know if it's secure so the warning is posed.

这不起作用,因为background-image标记不包含HTTP。尽管该位置是相对的,但IE7不知道它是否安全,因此提出了警告。

In this particular instance, this CSS is used to test for Accessibility (A11y) in Dojo. Since this is not something my application will support and since there are other general buggy issues with this method, I opted to remove everything in the onload() for dijit.wai.

在此特定实例中,此CSS用于测试Dojo中的辅助功能(A11y)。由于这不是我的应用程序将支持的东西,并且由于此方法存在其他一般错误问题,因此我选择删除onij()中dijit.wai的所有内容。

All is good! No sporadic security problems with the page loads.

一切都很好!页面加载时没有零星的安全问题。

1  

If your page is loading files from a non-https URL Firefox should tell you the same thing. Instead of an error the lock symbol at the bottom (in the status bar) should be crossed out. Are you sure that is not the case?

如果您的页面正在从非https URL加载文件,Firefox应该告诉您相同的事情。应该划掉底部(状态栏中)的锁定符号而不是错误。你确定不是这样吗?

If you see the symbol, click on it and check which files are "unsecure".

如果看到符号,请单击该符号并检查哪些文件是“不安全”。

1  

If you're using CDN you can include all modules by HTTPS as seen here.

如果您正在使用CDN,则可以通过HTTPS包含所有模块,如此处所示。

You can test with various versions if you want. Currently the most recent is 1.6.1

如果需要,您可以使用各种版本进行测试。目前最近的是1.6.1