[ic] Ask Jeeves frames - secure page issue

Jon Jensen jon at endpoint.com
Fri Aug 27 16:36:28 EDT 2004


On Fri, 27 Aug 2004, John1 wrote:

> It has been brought to our attention by one of our customers that if you get
> to our site via the UK Ask Jeeves search engine then when placing an order,
> the order page is not secure.  i.e.  rather than change to SSL mode the
> order page is a normal insecure page.
> 
> This seemed an odd suggestion, but on investigation I found this was indeed
> the case!
> 
> The problem is that when clicking on a UK Ask Jeeves link you are not
> redirected directly to the website.  Instead, the website is embedded as a
> frame within the UK Ask Jeeves site.  Basically you just get the AskJeeves
> banner across the top of your website.  Very annoying feature!  I tested
> www.ask.com and it seems that this does not employ the same "feature" - only
> www.ask.co.uk
> 
> The URL looks something like this
> http://www.ask.co.uk/ix.asp?q=the+search+phrase&ac=SHOP...&url=www.ourdomain.com
> 
> Anybody any ideas how to get round this - i.e. always make the order page
> secure even if the website is embedded as a frame in the AskJeeves website?
> Or better still, is there a way to bounce the page to the real website -
> i.e. force the frame to be removed?

The best way to force a page to be secure is to force it with 
AlwaysSecure and ExtraSecure in Interchange's catalog.cfg:

http://www.icdevgroup.org/interchange-doc-5.2.0/frames/icconfig_78.html
http://www.icdevgroup.org/interchange-doc-5.2.0/frames/icconfig_102.html

Then also have your webserver redirect any non-secure accesses to it to
the https equivalent. For Apache, use mod_rewrite:

http://httpd.apache.org/docs-2.0/mod/mod_rewrite.html#rewriterule

You can use simple JavaScript code on your pages to break out of a frame:

http://www.thesitewizard.com/archive/framebreak.shtml

Jon

--
Jon Jensen
End Point Corporation
http://www.endpoint.com/
Software development with Interchange, Perl, PostgreSQL, Apache, Linux, ...
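
A frame-break script of the kind suggested in the reply above, written out as an added example (it is not code from the original post or from the linked page). The function names and the returned status strings are hypothetical; the script also sends the top window to the https:// form of the page, so the order page ends up both unframed and secure.

```javascript
// Added example: function names and status strings are hypothetical.

// Return the https:// equivalent of the page's own URL.
function secureUrl(href) {
  const u = new URL(href);
  if (u.protocol === 'http:') {
    u.protocol = 'https:';
  }
  return u.toString();
}

// Takes a window-like object so the logic can be exercised outside a browser.
function breakOutOfFrame(win) {
  const target = secureUrl(win.location.href);

  if (win.self !== win.top) {
    // Framed. Only write to top.location: when the framing site is on
    // another origin, reading top.location.href is blocked, but assigning
    // a new location is allowed.
    try {
      win.top.location = target;
      return 'top-navigated';
    } catch (e) {
      // If the browser refuses the navigation (for example the framing page
      // uses an iframe sandbox without top navigation), hide the page
      // rather than render the order form inside the frame.
      win.document.documentElement.style.display = 'none';
      return 'hidden';
    }
  }

  // Not framed: still upgrade a plain http:// load of the page.
  if (target !== win.location.href) {
    win.location.replace(target);
    return 'self-upgraded';
  }
  return 'ok';
}

// Run on page load in a browser; skipped where there is no window object.
if (typeof window !== 'undefined') {
  breakOutOfFrame(window);
}
```

This runs only when JavaScript is enabled, so it supplements the AlwaysSecure/ExtraSecure settings and the web server redirect rather than replacing them.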

