Skip to main content
J
jackhuang
Known Participant
September 30, 2014
Answered

CFwindow not working with secure URL

  • September 30, 2014
  • 5 replies
  • 2894 views

I use the code

    <cfajaximport tags="cfform, cfmessagebox, cfwindow">
   <cfwindow bodystyle="background:white;font:12px/normal arial, Helvetica, sans-serif;" initShow="true" width="350" height="255" name="signin" center="true" resizable="false" draggable="false" source="login.htm"/>

and it is working fine.  The sign in window appears.  However, I want to change it to a secured URL by entering the full URL

    <cfajaximport tags="cfform, cfmessagebox, cfwindow">
   <cfwindow bodystyle="background:white;font:12px/normal arial, Helvetica, sans-serif;" initShow="true" width="350" height="255" name="signin" enter="true" resizable="false" draggable="false" source="https://mydomain/login.htm"/>

The pop up cfwindows shows blank.  Why is that?  Any help is appreciated.

This topic has been closed for replies.
Correct answer Carl Von Stetten

Because that is considered a cross-domain request (although it seems to be only cross-protocol, in reality an http address can resolve to a different virtual host from an https address).  Take a look a this StackOverflow thread for some suggested workarounds.

Also, this is probably easier to deal with using **anything** other than CFWindow, as Scott suggests.

5 replies

Carl Von Stetten
Carl Von Stetten
Legend
October 3, 2014

jackhuang,

I don't really have anything else to offer, other than "don't use <cfwindow>".

S
Scott Stroz
Participating Frequently
September 30, 2014

What happens when you go to the URL directly in a browser window rather than from CFWINDOW?

J
jackhuangAuthor
Known Participant
September 30, 2014

It works normally with https prefix.  It's just a simple sign in form.

Carl Von Stetten
Carl Von StettenCorrect answer
Legend
September 30, 2014

Because that is considered a cross-domain request (although it seems to be only cross-protocol, in reality an http address can resolve to a different virtual host from an https address).  Take a look a this StackOverflow thread for some suggested workarounds.

Also, this is probably easier to deal with using **anything** other than CFWindow, as Scott suggests.

S
Scott Stroz
Participating Frequently
September 30, 2014

Because CFWindow.

BKBK
Community Expert
BKBKCommunity Expert
Community Expert
September 30, 2014

Why don't you rename the page to .cfm? Coldfusion does not process HTML pages.

J
jackhuangAuthor
Known Participant
September 30, 2014

I made CF process .htm as well.  I read somewhere that it's best to hide from public what technology you are using.

BKBK
Community Expert
BKBKCommunity Expert
Community Expert
October 1, 2014

jackhuang wrote:

I made CF process .htm as well.

No, you cannot. Again, Jackhuang, you see a blank page because Coldfusion does not process the CFML code on the HTML page. I am assuming here that you are using the default Coldfusion extensions CFM, CFML, CFC, etc.

Then the web server does not send HTML files to Coldfusion for processing. It simply sends them as text to the browser. You are seeing nothing because browsers don't display tags. However, you will see the text if you open the URL in a browser and view the source.

Oh, and I agree with Scott and Carl that you should avoid Coldfusion UI tags like cfwindow. You could use simple ol' Javascript.

Carl Von Stetten
Carl Von Stetten
Legend
September 30, 2014

Is the main page the CFWindows is part of also on HTTPS?

J
jackhuangAuthor
Known Participant
September 30, 2014

The page that calls the secured login page is not on https.

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices