Dojo HTTPS Loading HTTP Files in dojo.require

[ZiMB LLC]

So, I got all excited when I realized I could load the CDN using HTTPS
but when I fired it up, I still got that stupid mixed content warning
from Internet Explorer saying that some items were insecure. Well, I
looked into the header and it looks like dojo.require is still pulling
the required elements from an http: based location which, to me, sorta
defeats the whole purpose of having an https CDN.

Here are the includes I put in:

<link href="https://ajax.googleapis.com/ajax/libs/dojo/1.3.2/dijit/
themes/tundra/tundra.css" rel="stylesheet" type="text/css"/>
<script src="https://ajax.googleapis.com/ajax/libs/dojo/1.3.2/dojo/
dojo.xd.js" type="text/javascript"></script>

Then I require some ui elements:

dojo.require("dijit.form.TextBox");
dojo.require("dijit.form.ComboBox");
dojo.require("dijit.form.CheckBox");

and the result in the head is this:

<script src="http://ajax.googleapis.com/ajax/libs/dojo/1.3.2/dijit/
form/TextBox.xd.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/dojo/1.3.2/dijit/
form/ComboBox.xd.js" type="text/javascript"></script>

So, as long as this behavior continues, my users are going to have to
disable a security feature in IE (generally a hard sell) or click no
every time that warning pops up.

Is there anyway to force this to require from the https locations?

Thank you.

[Jeff S (Google)]

Hi ZiMB,

I don't think there is much that we can do about this since it seems like the issue is the logic in Dojo's require in that is doesn't take into account that you have loaded the library using https. I think the best way to resolve this is to contact the Dojo community

http://www.dojotoolkit.org/community

There might be some Dojo setting that I'm not aware of, or perhaps this is a bug.

I also created a super simple example based on your description which might be helpful in illustrating the problem (if you don't want to send a link to your own page)

https://ajax-apis.appspot.com/html/dojo-https.html

Happy coding,

Jeff

[James Burke]

On Oct 14, 1:44 pm, ZiMB LLC <chaos.overl...@gmail.com> wrote:
> So, I got all excited when I realized I could load the CDN using HTTPS
> but when I fired it up, I still got that stupid mixed content warning
> from Internet Explorer saying that some items were insecure.  Well, I
> looked into the header and it looks like dojo.require is still pulling
> the required elements from an http: based location which, to me, sorta
> defeats the whole purpose of having an https CDN.

This problem is due to a bug on how paths are resolved in Dojo. This
bug tracks the issue:
http://bugs.dojotoolkit.org/ticket/8546

However, you can work around it by modifying the modulePaths used
inside dojo.xd.js by doing the following:

<script type="text/javascript">
djConfig = {
modulePaths: {
"dojo": "https://ajax.googleapis.com/ajax/libs/dojo/1.3.2/dojo",
"dijit": "https://ajax.googleapis.com/ajax/libs/dojo/1.3.2/dijit",
"dojox": "https://ajax.googleapis.com/ajax/libs/dojo/1.3.2/dojox"
}
};
</script>

<script src="https://ajax.googleapis.com/ajax/libs/dojo/1.3.2/dojo/
dojo.xd.js" type="text/javascript"></script>

James

[The alMIGHTY N]

Forgive my ignorance: I'm curious about the advantage of loading the
CDN files through HTTPS instead of HTTP.

[ZiMB LLC]

There is no direct advantage to using https except that, in Internet
Explorer, if you load elements from both HTTPS and HTTP in the same
page, you get a very annoying warning dialog. In order to avoid
having every IE user get a warning box, you need to ensure that
everything is loaded from the same schema.

And thank you James. That is exactly what I was hoping for.