search

frenzypeng / securityswitch

Automatically exported from code.google.com/p/securityswitch
Other
0 stars 0 forks source link

bypassSecurityWarning IE8 security warning still popping up #13

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1. Navigate to https://www.maritimetraining.com/Contact-Us in IE8

What is the expected output? What do you see instead?
Expected no security warning. Instead, IE 8 secure content warning pops up.

What version of the product are you using? On what operating system?
SS:4.0, server WS 2008, client on Windows 7 with IE8

Please provide any additional information below.

This behavior started after a fresh update to our site. The web.config was not 
updated nor was the SS version.
Web.Config Settings:
    <securitySwitch bypassSecurityWarning="true"   mode="RemoteOnly" >
      <paths>
    <add path="~/Styles" security="Ignore" />
    <add path="~/Images" security="Ignore" />
    <add path="~/Scripts" security="Ignore" />
    <add path="~/bx_styles" security="Ignore" />
        <add path="~/Account" />
        <add path="~/Contact-Us" />
        <add path="~/Admin" />
        <add path="~/OrderReceipt.aspx" />
      </paths>
    </securitySwitch>

Original issue reported on code.google.com by rick...@gmail.com on 31 May 2011 at 4:59

GoogleCodeExporter commented 8 years ago 
Does the client have JS disabled, by chance?

Original comment by vent...@gmail.com on 31 May 2011 at 9:28

GoogleCodeExporter commented 8 years ago 
Hi, thanks for your reply!

Javascript is enabled. The pop-up is happening on another IE8 instance as well.

Original comment by rick...@gmail.com on 31 May 2011 at 9:36

GoogleCodeExporter commented 8 years ago 
I checked this page on your site. The pop-up is actually unrelated to the 
bypass security warning. It is actually a mixed security warning. Perhaps I am 
just getting to your site too late (after you made some other changes), because 
it looks like you have the correct settings in your config file to avoid this.

When I view the source of your page, the first script tag is 
"http://www.maritimetraining.com/Scripts/jquery-1.4.1.min.js". That is why IE 
is complaining; that there are some resources being requested insecurely from a 
secure page. Do you still have the above configuration in-place (with ~/Scripts 
set to Ignore)? If so, are there any rewrite rules on the site?

Even if you resolve the Scripts folder with this module, you will likely have a 
problem with your analytics JS. At the bottom of the page, a script references 
is made to "http://www.google-analytics.com/urchin.js". There should be newer 
code from Google that detects if the current page is requested via HTTPS and 
outputs the script reference to urchin.js via HTTPS as well.

Original comment by vent...@gmail.com on 5 Jun 2011 at 3:55

GoogleCodeExporter commented 8 years ago 
Ah, I thought "bypassSecurityWarning" was referring to the mixed security 
warning.  Thanks for looking at the site. The issue is resolved.

Original comment by rick...@gmail.com on 5 Jun 2011 at 5:12

GoogleCodeExporter commented 8 years ago 
No problem. I'm glad you got it resolved.

Original comment by vent...@gmail.com on 7 Jun 2011 at 10:45

GoogleCodeExporter commented 8 years ago 
Thanks again. Is there a way to donate to this project?

Original comment by rick...@gmail.com on 8 Jun 2011 at 12:53

GoogleCodeExporter commented 8 years ago 
There is no way to donate to this project yet. I greatly appreciate your 
interest. Perhaps in time, I'll set something up.

Original comment by vent...@gmail.com on 11 Jun 2011 at 3:19