November Happy Hour will be moved to Thursday December 5th.

"Blocked loading mixed active content" error for pages configured as "Shortcut to page on another website"

Vote:
 

Hi,

We are running CMS admin site with secure connection (https://) and our customer noticed problem in following scenario:

- create page

- configure in Settings tab "Shortcut to page on another website"

- set external link URL to some address without SSL (http://)

- publish page

- now after loading page in CMS content view is empty, there is not even active button to edit page (customer asks how to edit now such page), CMS is after that not usable without full reload of the page in browser

When you open console there is an error "Blocked loading mixed active content" from widgets.js

We have installed EPiServer 7.18 version, is it something what has been already fixed by some later update or known as a bug?

#123307
Jul 01, 2015 11:12
Vote:
 

I guess it's not even a bug. This is how your client browser is handling mixed content rendering. Not sure if there are easy solution for that..

#123490
Jul 08, 2015 0:21
Vote:
 

Hi,

I'm not sure if it's fixed in a newer version but to work around this you can try to create a custom ViewConfiguration and a custom UIDescriptor. I'm giving you a code sample here that requires your page types, at least the one with the problem, to inherit from a base page type. In this code sample I'm calling it BasePageType and it looks like this:

public abstract class BasePageData : PageData
{
}

ViewConfiguration class

Pay extra attention to the ControllerType property setter in the constructor. I'm using a custom PageDataController (javascript component inheriting from the EPiServer default component) that I'll get back to soon.

[ServiceConfiguration(typeof(ViewConfiguration))]
public class OnPageEditing : EPiServer.Cms.Shell.UI.UIDescriptors.ViewConfigurations.OnPageEditing
{
    public OnPageEditing()
    {
        Key = "custom-onpageedit";
        ControllerType = "site/contentediting/PageDataController";
    }
}

UIDescriptor class

This class is a rip off of the UIDescriptor for PageData that EPiServer supplies, with one difference: The DefaultView property is set to our custom view configuration, "custom-onpageedit" instead of the default "onpageedit".

[UIDescriptorRegistration]
public class PageDataUIDescriptor : UIDescriptor<BasePageData>, IEditorDropBehavior
{
    public bool AllowSelectItSelf { get; private set; }

    public PageDataUIDescriptor()
    {
        IsPrimaryType = true;
        CommandIconClass = "epi-iconPage";
        AllowSelectItSelf = true;

        var typeArray = new [] { typeof(PageData) };
        ContainerTypes = typeArray;
        EditorDropBehaviour = EditorDropBehavior.CreateLink;
        DefaultView = "custom-onpageedit";
        AddDisabledView(CmsViewNames.OnPageEditView);
    }

    public EditorDropBehavior EditorDropBehaviour { get; set; }
}

PageDataController javascript

This inherits from "epi-cms/contentediting/PageDataController" and overrides just one method, _changeUrl. The script is located in the ~/ClientResources/Scripts/contentediting folder in the Visual Studio project.

define([
    "dojo/_base/array",
    "dojo/_base/declare",
    "dojo/_base/lang",

    "epi-cms/contentediting/PageDataController"
],
function (
    array,
    declare, 
    lang,
    EPiPageDataController) {
    return declare("site.contentediting.PageDataController", [EPiPageDataController], {
        _changeUrl: function (url, forceReload) {
            var previewParams = lang.mixin(this._previewQueryParameters, this._viewSettingsManager.get("previewParams"));

            // Do the check here if the url that's about to be loaded is an external link and if the protocol doesn't match the current one.
            if (url.indexOf("http") == 0 && url.indexOf(window.location.protocol) == -1) {
                console && console.log("Blocked loading mixed active content");
                // Do whatever you want to do here, perhaps load a static HTML file with details in the iframe.
                return null;
            }

            // we want a reload even if its a same url in order to render all kind of contents (i.e videos)
            return this.iframeWithOverlay.iframe.load(url, { query: previewParams }, true, forceReload);
        },
    });
});

Module.config

To get the custom javascript to work we need to add some configuration to the module.config file in the root of project. If it's not there, just create it. For this sample it looks like this:

<?xml version="1.0" encoding="utf-8"?>
<module>
    <dojoModules>
        <!-- Add a mapping from site to ~/ClientResources/Scripts to the dojo loader configuration -->
        <add name="site" path="Scripts" />
    </dojoModules>
</module>
#123550
Jul 08, 2015 11:32
Vote:
 

Thanks a lot for your detailed answer Mattias, we will check that solution after summer vacation.

Is it something you use in some of your projects currently?

#123554
Jul 08, 2015 12:05
Vote:
 

Yesterday installed latest version of EPi (8.10.0) and it seems to be fixed.

Now when accessing such page in CMS there is a message saying:

Preview Unavailable

The system uses HTTPS while this shortcut uses HTTP. The shortcut is, however, visible to website visitors.
#123731
Jul 17, 2015 12:56
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.