Google Contacts Javascript API -> IE9 failure due to http access on https sign in page

[GoogleCodeExporter]

I am seeing errors with IE9 Javascript code. Here's sample code from Google:

http://gdata-javascript-client.googlecode.com/svn/trunk/samples/contacts/contact
s_picker/picker.html

This code works fine on all web browsers except IE9.  To get failure on IE9, 
here's what you do:
1. delete your cookies
2. Click Sign In button and grant access
3. When the page comes back from granting, IE9 presents the message "Only 
Secure Content is Displayed"

I take a look using the debugger and this is the error message:

HTML1200: google.com is on the Internet Explorer 9 Compatibility View List 
('C:\Users\Administrator\AppData\Local\Microsoft\Internet 
Explorer\IECompatData\iecompatdata.xml'). 
IssueAuthSubTokenJS?next=http%3A%2F%2Fgdata-javascript-client.googlecode.com%2Fs
vn%2Ftrunk%2Fsamples%2Fcontacts%2Fcontacts_picker%2Fpicker.html&secure=0&session
=1&scope=https%3A%2F%2Fwww.google.com%2Fm8%2Ffeeds%2F
SEC7111: HTTPS security is compromised by 
http://www.google.com/uds/modules/gdata/gdata-xd.js

It looks like the grant permission page (which is https) is loading this:
http://www.google.com/uds/modules/gdata/gdata-xd.js
which is http.

This failure happens using IE9.

thanks,

Scott Schmitz

Original issue reported on code.google.com by sc...@realorganized.com on 28 Mar 2011 at 2:25

[GoogleCodeExporter]

I am also facing same issue in IE8

Can some one suggest what could be the reason behind this.

Original comment by rites...@gmail.com on 4 May 2011 at 6:43

[GoogleCodeExporter]

This is a problem for me also. I am using the Google Analytics Javascript API 
and am receiving this error in IE9. 

The full errors reported by IE Developer Tools' Console are:

SEC7111: HTTPS security is compromised by 
http://www.google.com/uds/modules/gdata/gdata-xd.js 
AuthSubSessionTokenJS

SCRIPT5009: 'xdSendResponse' is undefined 
AuthSubSessionTokenJS, line 3 character 156

SCRIPT5022: Could not sign in, invalid response from server.  Please try again. 
core,opensearch,atom,app,gdata,analytics.I.js, line 2 character 16

Original comment by mdhgriff...@gmail.com on 20 May 2011 at 4:20

[GoogleCodeExporter]

Same problem with youtube data api - 

HTML1200: youtube.com is on the Internet Explorer 9 Compatibility View List 
('C:\Users\Administrator\AppData\Local\Microsoft\Internet 
Explorer\IECompatData\iecompatdata.xml'). 
issue_auth_sub_token_js?scope=http%3A%2F%2Fgdata.youtube.com&session=1&next=http
%3A%2F%2Fstaging.ghoststreet.co.nz%2Fonelove%2F&secure=0

SEC7111: HTTPS security is compromised by 
http://www.google.com/uds/modules/gdata/gdata-xd.js 
AuthSubSessionTokenJS

SCRIPT5007: The value of the property 'xdSendResponse' is null or undefined, 
not a Function object 
AuthSubSessionTokenJS, line 3 character 142

SCRIPT5022: Could not sign in, invalid response from server.  Please try again. 
core.I.js, line 2 character 16

Original comment by reconf...@gmail.com on 2 Jun 2011 at 12:15

[GoogleCodeExporter]

same issue in IE9 with example code for an authenticated spreadsheet feed.

Original comment by wuftymer...@gmail.com on 5 Jun 2011 at 9:38

[GoogleCodeExporter]

Also having this problem with IE9 and Google Calendar JS API

Original comment by danelle....@gmail.com on 17 Jun 2011 at 7:23

[GoogleCodeExporter]

Does the library just not work with Internet Explorer 9?  I have tried the 
examples on http://code.google.com/p/gdata-javascript-client/ and the 
authentication does not work in any of them (both with and without the IE8 
compatibility enabled).  They are OK with IE8.

Original comment by ngal...@gmail.com on 4 Jul 2011 at 5:02

[GoogleCodeExporter]

BTW it does work if I enable "Mixed Content" in IE9 but obviously not a good 
option to force users to do that.  Just clicking "Show All Content" on the 
prompt does not work.  And the problem is that this page: 
https://www.google.com/accounts/AuthSubSessionTokenJS is trying to load 
http://www.google.com/uds/modules/gdata/gdata-xd.js which is non https thus 
blocked.  In fact I don't understand why it is working in IE8, it seems like it 
should fail there too.

Original comment by ngal...@gmail.com on 4 Jul 2011 at 5:24

[GoogleCodeExporter]

Yep thats right regarding the secure page loading the insecure page. I am not 
sure why nothing has been done about this yet by the developers? With more 
people moving over to IE9 every day it is starting to become a problem for my 
implementation.

I think it should be reiterated to the developers that this is not a fault with 
IE9, but a fault with the AuthSub system. Disappointed the developers have not 
yet commented.

Original comment by kev...@ca.com.au on 4 Jul 2011 at 10:11

[GoogleCodeExporter]

I escalated this issue internally, Thank for reporting it.

Original comment by pro...@google.com on 5 Jul 2011 at 3:28

[GoogleCodeExporter]

Original comment by pro...@google.com on 5 Jul 2011 at 3:52

• Changed state: Accepted
• Added labels: Google-4993225, OpSys-All

[GoogleCodeExporter]

Awesome - thank you!

Original comment by ngal...@gmail.com on 5 Jul 2011 at 4:02

[GoogleCodeExporter]

AuthSubJS should now load gdata-xd.js over https://

Original comment by pro...@google.com on 15 Jul 2011 at 8:22

• Changed state: Fixed

[GoogleCodeExporter]

There is a different error now:

SEC7111: HTTPS security is compromised by 
http://gdata-jsguide.appspot.com/static/Logo_25wht.gif#xdrp=1&chunk=({ 
"auth":"...", "status":"OK" }) 
AuthSubSessionTokenJS
SEC7111: HTTPS security is compromised by 
http://gdata-jsguide.appspot.com/static/Logo_25wht.gif 
index.html#...
SEC7111: HTTPS security is compromised by 
http://gdata-jsguide.appspot.com/static/Logo_25wht.gif#xdrp-info=1&n=1&isDataJso
n=true&status=200&headers=%7B%7D 
AuthSubSessionTokenJS
SEC7111: HTTPS security is compromised by 
http://gdata-jsguide.appspot.com/static/Logo_25wht.gif 
index.html#...

Original comment by pro...@google.com on 19 Jul 2011 at 8:14

• Changed state: Accepted

[GoogleCodeExporter]

I get this in IE9:

SCRIPT5007: Unable to get value of the property 'getAddress': object is null or 
undefined 
picker.js, line 184 character 9

but I think that's just a coding issue with the sample, I get a similar error 
in Firefox: Error: entry.getEmailAddresses()[0] is undefined
Source File: 
http://gdata-javascript-client.googlecode.com/svn/trunk/samples/contacts/contact
s_picker/picker.js
Line: 184

The other samples work OK in IE9 as far as I can tell

Original comment by ngal...@gmail.com on 19 Jul 2011 at 12:24

[GoogleCodeExporter]

seeing this problem with sample calendar apps such as Birthday Manager as well 
as my own web pages

Original comment by BobBux...@gmail.com on 25 Jul 2011 at 1:02

[GoogleCodeExporter]

Thanks for filing this guys. I have let our engineering team know. I will let 
you know when I hear back from them.

Cheers!

Original comment by Nivco.las@gmail.com on 26 Oct 2011 at 12:32

[GoogleCodeExporter]

Any good news about this issue?

Original comment by evolio.r...@gmail.com on 14 Dec 2011 at 2:53

[GoogleCodeExporter]

I do hope Google fixes this.  Seems like a small change?  Really wish this were 
open source and I would fix it myself.

Original comment by sc...@realorganized.com on 15 Dec 2011 at 2:02

[GoogleCodeExporter]

Hi. Some changes to this Issue?
Regards
Carlos

Original comment by i...@simply-networks.de on 8 Feb 2012 at 11:31

[GoogleCodeExporter]

Still waiting for some solution.
Not much of a hope left.

Original comment by igalg...@gmail.com on 8 Feb 2012 at 12:12