This might be the most obscure problem ever, but it caused me such a headache that I thought I would blog about it on the off chance that one person might have this same issue.
First off I’m using ThickBox to handle some of the cool visual effects in the JumpBox admin interface. Such as:
Everything was fine and dandy until we decided to start serving the admin interface over https. This worked for all browsers EXCEPT IE6. In IE6 when ThickBox tries to display you get this security warning:
“This page contains both secure and nonsecure items. Do you want to display the nonsecure items?”
After a small amount of searching on the ThickBox forums I found a post that referenced a blog post about iframes, https, and IE. The conclusion is that ThickBox creates an iframe without a “src” attribute, and in IE6 over HTTPS this throws up the warning as seen above. So the solution is to add a src attribute to the iframe and point it at a blank html file on the server.
The fix is achieved by modifying the ThickBox javascript file. Near the beginning of the TB_show function the following line:
$(“body”).append(“<iframe id=’TB_HideSelect’></iframe><div id=’TB_overlay’></div><div id=’TB_window’></div>”);
… should be changed to:
$(“body”).append(“<iframe src=”blank.html” id=’TB_HideSelect’></iframe><div id=’TB_overlay’></div><div id=’TB_window’></div>”);
As advertised this fixes the warning from IE6. However this breaks… something… in Firefox 2 on OS X. I say “something” because I really don’t know what is going on. Everything works fine in Firefox on XP, Safari, IE6 and IE7. Here’s a screen grab:
Apparently this weirdness is caused by the src=’blank.html’ on the iframe. How this is causing problems is beyond me. The solution is to do a little browser detection to determine if we’re dealing with IE, in that case add the src attribute to the iframe, and the rest of the time forget about it:
if(navigator.appName == “Microsoft Internet Explorer”) {
$(“body”).append(“<iframe src=’blank.html’ id=’TB_HideSelect’></iframe><div id=’TB_overlay’></div><div id=’TB_window’></div>”);
} else {
$(“body”).append(“<iframe id=’TB_HideSelect’></iframe><div id=’TB_overlay’></div><div id=’TB_window’></div>”);
}
To anyone still reading, I hoped this helps. Otherwise sorry you had to listen to me rant about another JavaScript issue that is fueling my hatred of supporting multiple browsers.
UPDATE: Mark was kind enough to point out that instead of using a blank html file as the source of the iframe, you can use “javascript:false;” which is compatible with all browsers thus eliminating the need to do browser detection. So instead of that ugly chunk of code seen above, all you need is:
$(“body”).append(“<iframe src=’javascript:false;’ id=’TB_HideSelect’></iframe><div id=’TB_overlay’></div><div id=’TB_window’></div>”);
This is a much simpler and cleaner solution.
27 Comments
I cannot find sufficient words to thank you for this post.
I was about to give up using thickbox under https, and with you came down the “light”.
Thanks again pal,
Nicolas
Glad I could help!
Thanks for this. I just had the exact same problem. I used “javascript:false;” rather than blank.html to avoid any potential 404s in Firefox. I am hoping this removes the need for the browser sniffing.
I’ll have to give “javascript:false” a try. If that works cross browser, it would make for a much cleaner solution. Thanks for the tip!
The javascript:false worked great, thanks!
A thousand Thank yous! You saved my butt
i love you… thanks for this
I am opening an https page from http page in thickbox. However I can only see the loading image and the page doesn’t open at all. This works fine if only http is used.
Any solution for this.
Thanks in advance.
To make this change for the “minimized” version. Find the list of pipe-delimited labels and look for |iframe|. Change this to
|iframe src=\’javascript:false;\’|
Note: you have to escape the single quotes.
Hey Man, just wanted to say thanks for this post. I was experiencing the same exact problem and you solved it. Thank you so much! Gotta love using HTTPS on IE6!
Hey Ben, Just a quick note to say thank you for this post. You answered all my questions and saved hours of investigaton through one simple solution. I’ll buy you a pint next time your around here (Glasgow,Scotland)
DC
Thanks for the post. We were having this issue and this fixed it.
Thank you thank you thank you have a deadline of 3 hours to fix this – thank YOU!!!
ThankssssssssoMUCH!
Nice post man!
Excellent! Was trying to find the missing src — silly iFrame!
Brilliant. Thanks for publishing.
Yeah, I used this on my site at http://www.lifelister.com/. Was having major issues https and this was the solution.
Thanks!
[...] Mostly for personal reference but hey, it’s a personal blog, and this just cost me three hours. cause IFRAMEs without a SRC might throw up an error in IE6 on HTTPS, but they don’t actually make a request so staring at a HTTP sniffer proxy doesn’t do you much good. ← previous post next post → Archives [...]
Thanks a lot, I had been using blank images in the past to solve this problem for a tooltip (they work in safari) didn’t realize javascript:false; would also work.
Yes. Yes yes yes!
Thanks!
That’s amazing!
Thank you so much!
I have been searching for the solution couple of days! Your advice works! I am happy now!
Thank’s very much, It would have taken me hours to track down such an obscure bug.
Brilliant, thanks heaps!
Yet another grateful post. Like Demoli said, it’d take hours of testing to find this one bug in this particular situation.
Hi,
Anyone solve thickbox overlay issue with ie6, im facing the only half the page is getting overlayed if scroll in the page……
i tried changing the tb_poistion function as well but no luck…
any idea.. plz
Thanks! Saved me a whole lot of headache…