[ic] Ask Jeeves frames - secure page issue
Jon Jensen
jon at endpoint.com
Fri Aug 27 16:36:28 EDT 2004
On Fri, 27 Aug 2004, John1 wrote:
> It has been brought to our attention by one of our customers that if you get
> to our site via the UK Ask Jeeves search engine then when placing an order,
> the order page is not secure. i.e. rather than change to SSL mode the
> order page is a normal insecure page.
>
> This seemed an odd suggestion, but on investigation I found this was indeed
> the case!
>
> The problem is that when clicking on a UK Ask Jeeves link you are not
> redirected directly to the website. Instead, the website is embedded as a
> frame within the UK Ask Jeeves site. Basically you just get the AskJeeves
> banner across the top of your website. Very annoying feature! I tested
> www.ask.com and it seems that this does not employ the same "feature" - only
> www.ask.co.uk
>
> The URL looks something like this
> http://www.ask.co.uk/ix.asp?q=the+search+phrase&ac=SHOP...&url=www.ourdomain.com
>
> Anybody any ideas how to get round this - i.e. always make the order page
> secure even if the website is embedded as a frame in the AskJeeves website?
> Or better still, is there a way to bounce the page to the real website -
> i.e. force the frame to be removed?
The best way to force a page to be secure is to force it with
AlwaysSecure and ExtraSecure in Interchange's catalog.cfg:
http://www.icdevgroup.org/interchange-doc-5.2.0/frames/icconfig_78.html
http://www.icdevgroup.org/interchange-doc-5.2.0/frames/icconfig_102.html
Then also have your webserver redirect any non-secure accesses to it to
the https equivalent. For Apache, use mod_rewrite:
http://httpd.apache.org/docs-2.0/mod/mod_rewrite.html#rewriterule
You can use simple JavaScript code on your pages to break out of a frame:
http://www.thesitewizard.com/archive/framebreak.shtml
Jon
--
Jon Jensen
End Point Corporation
http://www.endpoint.com/
Software development with Interchange, Perl, PostgreSQL, Apache, Linux, ...
More information about the interchange-users
mailing list