Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: nonsecure items popup on ie 6.0 since 4.0 upgrade

  1. #1
    Join Date
    Sep 2006
    Posts
    5
    Rep Power
    9

    Default nonsecure items popup on ie 6.0 since 4.0 upgrade

    Hello all,

    I am having a minor issue where I get a "Security Information - nonsecure items" popup when I access the root page of my Zimbra installation over HTTPS. I get the same popup after I've entered my username and password. Interestingly, this occurs when I use IE 6.0 and does not occur when using FireFox 1.5.0.6. Unfortunately I have to support IE, so this is a problem.

    Note that I recently upgraded from 3.1 to 4.0. This problem did not occur with 3.1 and is new behavior since the 4.0 upgrade.

    Here is some pertinent information:

    OS: Fedora Core 5
    Zimbra Version: zcs-4.0.0_GA_303.FC5
    My Zimbra installation is configured to be accessed entirely over HTTPS port 443.

    I've been looking for days to find a root cause for this problem with no progress. Any ideas?

    Thanks for your help,
    -Geoffrey

  2. #2
    Join Date
    Sep 2005
    Posts
    2,103
    Rep Power
    14

    Default

    Did you install the extra zimlets? That may be the problem.

    The reason you don't see this on FF is because it's a browser security setting.
    Bugzilla - Wiki - Downloads - Before posting... Search!

  3. #3
    Join Date
    Sep 2006
    Posts
    5
    Rep Power
    9

    Default Removed extra zimlets - problem persists

    Good call on the extra zimlets. I did install the 3.1 extra zimlets. I went ahead and removed these by doing:

    zmzimletctl undeploy com_zimbra_amzn
    zmzimletctl undeploy com_zimbra_wikipedia
    zmzimletctl undeploy com_zimbra_ymaps
    zmzimletctl undeploy com_zimbra_xslt
    zmzimletctl undeploy com_zimbra_tracking

    Removed the associated Zimlet files from /opt/zimbra/zimlets

    Unfortunately the problem still persists. I am still getting the https nonsecure popup warnings.

    Any other ideas?

    Thanks for your help,
    -Geoffrey

  4. #4
    Join Date
    Sep 2006
    Posts
    5
    Rep Power
    9

    Default Removed extra zimlets - problem persists

    One extra note - I did a full server restart following zimlet removal, and I have cleared the cache on my IE browser.

    Still I get the same problem
    -Geoffrey

  5. #5
    Join Date
    Sep 2006
    Posts
    5
    Rep Power
    9

    Default Update

    Okay I've been doing some further analysis of this behavior.

    First off, I ran Wireshark on my local machine while accessing my https url to see if any non-ssl http requests are being made by the browser after I select "Y" to get nonsecure items.

    No http requests are seen by wireshark during the entire transaction. All requsts occur over https.

    So how come IE is reporting this as a request for nonsecure items?

    Perhaps it could have something to do with an iFrame having a blank src attribute?
    http://gemal.dk/blog/2005/01/27/ifra...rnet_explorer/

    The file Ajax_all.js has some code in it to handle this, but is it working properly with IE 6?

    Then again, I may be barking up the wrong tree entirely....
    -Geoffrey

  6. #6
    Join Date
    Jan 2006
    Location
    Seattle, WA
    Posts
    53
    Rep Power
    9

    Default

    All I did was go to IE's
    Tools
    Internet Options
    Custom Level
    and set "Display Mixed Content" to "Enable"

  7. #7
    Join Date
    Oct 2005
    Location
    Harrisburg, Pennsylvania
    Posts
    155
    Rep Power
    10

    Default

    Quote Originally Posted by frostpaw
    The file Ajax_all.js has some code in it to handle this, but is it working properly with IE 6?

    Then again, I may be barking up the wrong tree entirely....
    I just wanted to offer that I've been seeing the same behaviour. Users with IE have been getting that error about some links being insecure.

    I did a upgrade from 3.0.1 to 4.0, but I've never done anything with Zimlets. Whatever Zimlets are enabled or disabled are at their default.

    I had made a few changes in the hopes of fixing this, I'm waiting to hear back from them on whether it actually worked for them (I don't have any Windows computers ;-)

    I'm saying something now, before I hear back from them, so that this doesn't get written off by anyone as an isolated incident ;-)

    Oh, and yes, the error is easy to fix in the IE settings for one person. I was hoping to not have to offer that as a solution to every IE user who wants to use Zimbra though :-)
    -Eric

  8. #8
    Join Date
    Nov 2005
    Posts
    61
    Rep Power
    9

    Default

    For what it is worth... I just upgraded to 4.0. I am having the same problem as mentioned above. No extra zimlets. I get the display secure and nonsecure warning when using IE 6.

    - Rob

  9. #9
    Join Date
    Aug 2006
    Posts
    11
    Rep Power
    9

    Default

    Me too. I'm seeing this same problem in IE6 and in IE7 RC1 since upgrading to Zimbra 4.0. I also would like a fix that doesn't require everyone using IE to make a settings change, particularly since that change makes the browser less secure.

    And it's slightly more than a minor nuisance since it asks every time you log into your account and every time you log out of your account.

    I did a little looking and found the following in /opt/zimbra/tomcat/webapps/zimbra/js/zimbra/common/ZLoginTest.html:

    .ImgLoginBanner {
    width:349px;
    height:92px;
    background-image:url(http://localhost:7070/zimbra/img/loR...inBanner.gif);
    }
    .ImgLoginError {
    width:32px;
    height:32px;
    background-image:url(http://localhost:7070/zimbra/img/loR...tical_32.gif);
    }

    I'm not sure if that page has anything to do with the problem or not. I changed http to https in both places and the problem did not go away.

    dcm

  10. #10
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    21

    Default

    Hi-
    Just about all of my users use IE, and I don't have the problem, but here's a bug:
    http://bugzilla.zimbra.com/show_bug.cgi?id=3912

Similar Threads

  1. .53 Will Not "Launch" in FF 2.0.0.6
    By jhoelz in forum Installation Help
    Replies: 4
    Last Post: 08-04-2007, 09:01 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •