Details
-
Bug
-
Resolution: Cannot Reproduce
-
Low
-
2.0.6
-
The standalone version, JDK 1.6.0_16, running as a service in the included tanuki wrapper, on Windows Server 2003 R2 Standard Edition sp2
Description
The 2.0.6 build came with a CSS file
eg. fecru-2.0.6/content/static/kr6iz1/2static/style/concat.style.251ed754fd74f5a27e000024bd01f650.cache.css
containing entries with absolute http:-based URLs eg.
.search-quick .quicksearchAuthor .icon {
background: transparent url(http://localhost:6060/avatar/default?s=16) no-repeat scroll 1px -2px;
}
and
ul#quick-nav-drop-down li a.quick-search-author {
background: transparent url(http://localhost:6060/avatar/default?s=16) no-repeat scroll 4px 2px;
}
There may be additional entries like that (I haven't done an exhaustive search)
Given that we use Fisheye in with SSL to maintain the privacy of our code, when those URL load along with a normal page in https, we get the mixed secure/non-secure message from MSIE.
Affected browsers
- IE8
- FF 39.0
Developer Tools Output
Loading mixed (insecure) display content "http://localhost:51235/icon" on a secure page [Learn More] [file name redacted] GET http://localhost:51235/icon
Workaround
Disable IDE icons from your profile.
- Select your avatar in the top right of the application to reveal drop down options.
- Select "Profile Settings"
- Select the "Display Settings" tab.
- Scroll down to "IDE Connector"
- Select "No" for "Enable IDE icons"
- Select "Close" to close the modal window.
