Friday, September 25, 2009

Silverlight on IE6: Nagging Security Bug

Do you have a wonderful Silverlight application that you enjoy running in all of the glorious browser flavors available, only to find out that some weird quirky issue pops up in our old friend, Internet Explorer version 6.0 (IE6)?

Perhaps you were as puzzled as we were when IE6 would complain with a "Security warning: nonsecure items on secure page ... blah, blah" (even though we scoured the source and even ran a packet inspector and no non-secured pages were being requested). No matter what your reply, it would pop to some random page and show "page not found."

The solution is quite simple. Most Silverlight examples include having an iframe to interact with for browser history, etc. It is just empty (doesn't link anywhere). Many people might include it without even really using it, but the interesting thing is that even though it points nowhere, IE6 automatically assumes that you are going somewhere insecure!

There are two solutions.

  • If you aren't using it, get rid of it. No iframe in the control that hosts it, and you're golden.
  • If you are using it, point it to a dummy page with a secure URL. Something like:
    ...
    <iframe src="https://myserver.com/transparentgif.GIF"...>
    ...
    
    should work just fine!

Jeremy Likness

No comments:

Post a Comment