This is a migrated thread and some comments may be shown as answers.

Window icon causes security warning in IE8 on SSL-enabled site

9 Answers 106 Views
Window
This is a migrated thread and some comments may be shown as answers.
Clayton
Top achievements
Rank 1
Clayton asked on 03 Aug 2010, 06:45 PM
I've set the image icon on a radWindow as the following (using a relative path):

<telerik:RadWindow runat="server" ID="UserGuideWindow" Width="500px" Height="400px" Modal="false" Behaviors="Close,Minimize,Move" IconUrl="~/Img/help_small.png">

Users receive the security warning: "do you want to view only the webpage content that was delivered securely" in IE8 when visiting the page over SSL.

I looked in the page source and found this:
Sys.Application.add_init(function() {
    $create(Telerik.Web.UI.RadWindow, {"_dockMode":true,"_stylezindex":"80000","behaviors":38,"clientStateFieldID":"ctl00_UserGuideWindow_ClientState","formID":"aspnetForm","height":"400px","iconUrl":"//Img/help_small.png","minimizeIconUrl":"//Img/help_small.png","name":"UserGuideWindow","skin":"Sitefinity","title":"User Guide","width":"500px"}, null, null, $get("ctl00_UserGuideWindow"));
});

It looks like the icon is not being set correctly, and the browser thinks that the icon is content from another (unsecure) location.

I can confirm that removing the icon reference completely fixed the issue of the security warning being displayed.

9 Answers, 1 is accepted

Sort by
0
Georgi Tunev
Telerik team
answered on 06 Aug 2010, 01:27 PM
Hello Clayton,

It is not the RadWindow that sets the iconUrl property like this, but the framework itself - you will get the same output (relative url) if you set a path to any other standard control. Indeed the problem is that the browser does not recognized that the image is coming from a secure location as well, hence the warning.
Fortunately, there is an easy fix - to set the iconUrl property with the full Url, e.g.
IconUrl="https://mysite/myfile.png"


Regards,
Georgi Tunev
the Telerik team
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
0
martin
Top achievements
Rank 1
answered on 19 Aug 2010, 01:38 PM
Hello Georgi,

The workaround is working, but is not a good solution because I use the same software on different domains...
I have this same problem since i upgraded the controls from version 2009.3.1103.35 to 2010.2.713.35
In the 2009 version there was no such problem. How come?

regards Martin
0
Georgi Tunev
Telerik team
answered on 25 Aug 2010, 08:35 AM
Hi Martin,

So far such problem is reported only in live scenarios, usually when there is some Url rewriting module in the application (for example security / login one). Unfortunately, no one has provided a full, working solution that when accessed via https reproduces the problem so we cannot tell what setting in the setup exactly is causing the problem - if you can provide us with such project, we will gladly examine it and do our best to provide a solution.

If you cannot provide such sample, as an alternative, you can set the iconUrl from the server where you can build the full path - i.e. you will again use a full path as suggested before, but depending on the logic, it can be used in different domains.

Regards,
Georgi Tunev
the Telerik team
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
0
Jason
Top achievements
Rank 1
answered on 21 Dec 2010, 04:55 AM
Is the a valid solution for this bug? I just upgraded our enterprise web application to the latest telerik version and am now experiencing issues exactly as described in the original post. When setting the IconUrl in RadWindow I get security warning with IE8.

It's very easy to test locally by setting up a self signed certificate. I can't hard code in a url because we come from many domains. Is the only method of fixing this is code behind and manipulating the IconUrl ?

<telerik:RadWindow runat="server" IconUrl="../images/toolbar/delete.gif" Title="Delete" ID="WindowDelete" Width="400" Height="110" BackColor="White" Behaviors="Close" ></telerik:RadWindow>
0
Georgi Tunev
Telerik team
answered on 21 Dec 2010, 01:27 PM
Hello Jason,

Do you use asp:scriptmanager or RadScriptManager? If you are using the standard ASP ScriptManager control, try switching to RadScriptManager and see how your app will behave.
If this doesn't help, please send a sample project that would allow us to reproduce the problem locally so we can investigate further.

Kind regards,
Georgi Tunev
the Telerik team
Browse the vast support resources we have to jump start your development with RadControls for ASP.NET AJAX. See how to integrate our AJAX controls seamlessly in SharePoint 2007/2010 visiting our common SharePoint portal.
0
Jason
Top achievements
Rank 1
answered on 23 Dec 2010, 05:13 PM
We are using asp:scriptmanager. Changing to RadScriptManager did solve the problem. Thanks.
0
Nicolaï
Top achievements
Rank 2
answered on 14 Dec 2012, 08:56 AM
I am horrified.
I have been plagued by this security warning in one my apps for a year now.
Finally solved it, with the workaround in a 3 years old thread?!
Wt.... f....
Why isn't the fix included in newer versions?
0
Marin Bratanov
Telerik team
answered on 14 Dec 2012, 01:51 PM
Hello Nicolaï,

This issue stems from the way the framework sets relative paths on the client, as my colleague Georgi explained in his first post. This is why workarounds are needed. Nevertheless, I am logging this case for research once again to see if it is possible to get an internal workaround that will work for different domains. You can follow the item here.


Regards,
Marin Bratanov
the Telerik team
If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to their blog feed now.
0
Nicolaï
Top achievements
Rank 2
answered on 14 Dec 2012, 02:06 PM
Hello,

suggestion: add a page that lists unresolved issues such as this, so we can scan through them when trying to resolve problems. Here, a lucky search ended me on a thread started in 2010....

In my case, the application(s) are supposed to be easy to redeploy for another domain. I have a key in my web.config file where the domain root url is set.
--> idea for solution? (add key in config to be used automatically for these problems, injecting the absolute url).

Otherwise, I know that when we deploy the solution to another client, some of these absolute paths will be forgotten. And maybe the programmer who will have replaced me will curse me for doing stupid things like that, using absolute urls for icons...
Tags
Window
Asked by
Clayton
Top achievements
Rank 1
Answers by
Georgi Tunev
Telerik team
martin
Top achievements
Rank 1
Jason
Top achievements
Rank 1
Nicolaï
Top achievements
Rank 2
Marin Bratanov
Telerik team
Share this question
or