IE9 HTTPS security is compromised by my Greasemonkey script?

Solution 1

Presumably: Use https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js instead (or not trust a third-party CDN (to be both trustworthy and not compromised) for your secure pages).

Solution 2

You can eliminate the issue with simpler code by using a scheme-relative URL like this:

var script = document.createElement("script");
script.setAttribute("src", 
   "//ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js");

This will use http:// on an http:// page and https:// on an https:// page...a much simpler way to solve the issue.

Solution 3

The error message is IE's new way of warning about mixed content (HTTP and HTTPS resources on a secure page). Here is a related MSDN blog post.

Using

https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.js

seems to work as well, although I can't see an official reference to it in the Libraries API overview.

Solution 4

The problem is that when you're in secure mode (i.e. HTTPS), all the files loaded by the page must also be HTTPS. The jQuery include you're making here is HTTP.

You need to detect whether the page is in HTTP or HTTPS mode (use window.location.protocol), and adjust the URL of the jQuery include to suit. (All it needs is the additional 's' after 'http'.)
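
The protocol check described in the answers above, as an added example that is not part of any answer on this page. The helper names pickScriptUrl and injectScript are hypothetical, and the code assumes the CDN host serves the same path over HTTPS, as Solutions 1 and 3 report for ajax.googleapis.com.

```javascript
// Added example: pick a script URL that cannot trigger a mixed-content
// warning (IE9 reports it as SEC7111) on the page that loads it.
// pickScriptUrl and injectScript are hypothetical helper names.

// pageProtocol is the value of window.location.protocol, e.g. "https:".
// It is a string property, not a function, and includes the trailing colon.
function pickScriptUrl(pageProtocol, src) {
  // Accept "http://host/path", "https://host/path" or "//host/path" only.
  var m = /^(https?:)?\/\/(.+)$/i.exec(src);
  if (!m) {
    throw new Error("expected an http(s) or scheme-relative URL: " + src);
  }
  var srcScheme = (m[1] || "").toLowerCase();
  var rest = m[2];
  var page = String(pageProtocol).toLowerCase();

  // Secure page: always load over HTTPS, whatever the caller wrote.
  if (page === "https:") return "https://" + rest;
  // Source already asked for HTTPS: never downgrade it.
  if (srcScheme === "https:") return "https://" + rest;
  // Plain HTTP page: same result a scheme-relative URL would give.
  if (page === "http:") return "http://" + rest;
  // file:, about: and similar pages: "//host/path" would not reach the
  // CDN there, so fall back to an explicit HTTPS URL.
  return "https://" + rest;
}

// Builds the <script> element from the question and appends it to the page.
// doc is the page's document object (passed in so the logic can be tested).
function injectScript(doc, src) {
  var script = doc.createElement("script");
  script.setAttribute("src", pickScriptUrl(doc.location.protocol, src));
  var head = doc.getElementsByTagName("head")[0] || doc.documentElement;
  head.appendChild(script);
  return script;
}

// Browser usage:
//   injectScript(document,
//     "http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js");
```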

Author by

heffaklump

Updated on December 05, 2020

Comments

  • heffaklump
    heffaklump over 3 years

    I’ve got a Greasemonkey-for-IE script in IE9 that’s importing jQuery. But on secure pages it doesn’t work.

    I’m getting:

    SEC7111: HTTPS security is compromised by http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
    

    The code that fails is:

    var script = document.createElement("script");
    script.setAttribute("src", 
        "http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js");
    

    How can I make this work? The script doesn’t cause a problem in Firefox.

  • Elzo Valugi
    Elzo Valugi over 13 years
  • Ian Dunn
    Ian Dunn over 8 years
    Protocol-relative URLs are now considered an anti-pattern. It's better to just explicitly use HTTPS instead.
  • Nick Craver
    Nick Craver over 8 years
    @IanDunn I'm not disagreeing in general, but that's not universally true at all. There are performance concerns with SSL/TLS, regardless of what people running global data centers and no latency issues may tell you. As far as I'm aware, the speed of light hasn't changed recently, but I'll double check tomorrow :)