I have an issue with Internet Explorer 6.0.2900.218, SP2, 128-bit cipher strength not rendering content in a frameset from an SSL enabled web server. This server happens to be my client’s server and is where the product will reside. I have not been able to reproduce this issue on two other servers running SSL so I can’t imagine what this particular server’s issues are. Finally, the problem is not experienced when using earlier versions of Internet Explorer, or Opera or Firefox.

The frameset is created in index.html. The frameset is designed as follows:

<FRAMESET cols="197,*" frameborder="NO" border="0" onload="populate();" onunload="exitCourse('incomplete');">
  <FRAME name="nav" title="navigational links frame" src="leftNav2.html" scrolling="no" marginwidth="0" marginheight="0">
    <FRAMESET rows="52px,*" frameborder="NO" border="0" >
                      <FRAME name="logo" title="top frame" src="topFrame.html" scrolling="no" marginwidth="0" marginheight="0">
                      <FRAME name="content" title="contents frame" src="blank.html" scrolling="no" marginwidth="0" marginheight="0">
    </FRAMESET>
</FRAMESET>

  Lessons.js contains multiple functions that handle navigation, look-feel and pop-up window generation. It is referenced as follows in the header section of index.html

<script language="JavaScript" src="scripts/lesson.js"></SCRIPT>

The problem is that no files can be placed in the “content” frame using JavaScript when running on one server. The server is Apache/2.0.48 (Unix) mod_jk2/2.0.2 and is using SSL. Index.html correctly populates the “nav” frame and the “logo” frame. The “content” frame initially is populated by blank.html which is as designed. Some content in the “nav” and “Logo” frames are dynamically generated using JavaScript. This is correctly displayed, so the JavaScript is being read correctly.

Using the debugger in IE, I have identified what lines of code are at the core of the problem.

Index.html’s body tag calls the function populate() using the onLoad event. The function populate() resides in lesson.js.

function populate(){
    bottom=URLprefix + pageArray[0];
parent.content.location.href = bottom;
loadPage();
}

var URLprefix = “https://*********/scorm-content/***/****/modA/”;

pageArray = new Array (
    "intro.htm",
    "1000.htm",
        ""
)
Originally, I did not have the var URLPrefix but I put that in just to see if having a complete URL would correct the problem – it didn’t.

The line in populate() causing the problem is

parent.content.location.href = bottom;.

I get an “Access Denied” error here.

I get other “Access Denied” errors in other functions at this line

var url = parent.content.document.URL; .

What is the issue with trying to access the document.URL and document.href? Can web servers shut this access off? What is the workaround?

When I set IE6 SP2 Advanced Options to “Allow Active Content to run in files on My Computer”, the problem goes away. This is not an acceptable solution. Besides, the content is delivered via the internet.

Because you are using two different protocols you are creating a cross domain scripting issue. Have you tried enabling "access data sources across domains" in the relevant security zone?

--

Joe (Microsoft MVP - XML)

index.html is called using https: so there is no cross-domain issue. The code works on two other servers running SSL. THe only thing I changed was the URLPrefix variable.

Well, it works all of a sudden. No changes to the code and the server admin says nothing changed. Go figure.