Question
Coforge DPA
AU
Last activity: 23 Mar 2016 23:29 EDT
Launching an URL in iFrame (pop-up)
Hi,
We are integrating with a hardware which will read an ATM card. In order to do that we are launching an url in iFrame(pop-up) that will launch the application for that hardware (Card Reader). The URL consists of <STATIC PART>+<pyid>+<Another Dynamic part>. Now when am launching the url in iFrame. am getting getting the error like Content was blocked because it was not signed by a valid security certificate.
It is evident that this application that we are trying to launch requires a certificate, but my question is what kind of cert is required here? is it a browser or server certificate? the service providor says they do not need provide any certificate.
launching this url in ie asks to run an application that will download some plugins etc which is not happening in PRPC. How can i handle this?
Note: In ie it is running after all the plugins are downloaded.Any other urls if i launch in iFrame is working, but only this url is not working.
PFA the error.
V7.1.7
-
Like (0)
-
Share this page Facebook Twitter LinkedIn Email Copying... Copied!
Accepted Solution
Coforge DPA
AU
Found the fix, its working. Yes i googled and search for Navigation to the webpage was cancelled. Made the changes in IE and its working now.
Changes made:
1. Add the URL in the trusted site
2. Display Mixed Content
Pegasystems Inc.
AU
This is blocked not due to not passing a valid certificate, but because the certificate the third party site passed back was not deemed to be valid.
If you open the URL directly, do you see a lock for the site in the address bar or is there a red shield or cross or some such.
Updated: 23 Mar 2016 4:19 EDT
Coforge DPA
AU
No there is no thing like that. the url is http so we do not get that. Then my question is how can pega determine its validity?
- Mainak
Pegasystems Inc.
AU
The error you describe is not in fact a Pega error, it is an Internet Explorer error.
This will likely be due to the fact that you're mixing secure and insecure content, this usually violates browser security policies.
Does the third party site have an https version available?
Updated: 23 Mar 2016 4:18 EDT
Coforge DPA
AU
yes they have it but that will only be used in SIT and above.
- Mainak
Pegasystems Inc.
AU
And your (pega) development environment is using https exclusively? Are you able to access without ssl?
Updated: 23 Mar 2016 4:18 EDT
Coforge DPA
AU
yes we are using https in dev url and yes we can use it without SSL. Am trying to change the url to https and will try to import the browser certificate. Let me try and will let you know.
- Mainak
Updated: 23 Mar 2016 4:17 EDT
Coforge DPA
AU
No it didn't work. Although am getting a different error now when am trying with http (which we are asked to use)
Navigation to the webpage was cancelled
- Mainak
Pegasystems Inc.
AU
So do you still get the error when you use Pega without https?
Updated: 23 Mar 2016 4:17 EDT
Coforge DPA
AU
yeah, it says
Navigation to the webpage was cancelled
- Mainak
Pegasystems Inc.
AU
Google tells me this is still an error caused by security configuration.
As a hammer approach, I'd add both your dev environment and the target url to your trusted sites list in IE.
Make sure in the settings there, you de-select 'Require Server Verification (https)'
This should only be an interim measure until the security requirements for your particular application and browser are fully known addressed.
i.e. Will your userbase have browsers that accept content from multiple domains, will they be using ssl for all components of the solution, etc.
Updated: 23 Mar 2016 4:16 EDT
Coforge DPA
AU
Its not working.
- Mainak
Pegasystems Inc.
AU
Hey Mainak,
Unfortunately i'm out of ideas, what I can tell you is that this is a security error from the browser itself.
In theory if you were to create a raw html file host it on a secure server and have an iframe sourced from an insecure URL you would experience the same behaviour.
If you google either:
- Content was blocked because it was not signed by a valid security certificate
- Navigation to the webpage was cancelled
There are a number of resources that explain the mechanics of the problem including the Microsoft website itself.
Accepted Solution
Coforge DPA
AU
Found the fix, its working. Yes i googled and search for Navigation to the webpage was cancelled. Made the changes in IE and its working now.
Changes made:
1. Add the URL in the trusted site
2. Display Mixed Content