IE11, Security Compromised

security

(Paul Roberts) #1

We have noticed an issue with Embedded Iframe and IE11. This manifests as browser console errors being thrown like this:

SEC7111: HTTPS security Compromised by res://ieframe.dll/.**
SEC7111: HTTPS security Compromised by res://ieframe.dll/.**
SEC7111: HTTPS security Compromised by res://ieframe.dll/.**
SEC7111: HTTPS security Compromised by res://ieframe.dll/.**
SEC7111: HTTPS security Compromised by res://ieframe.dll/****.**

Can anyone help? I need to find not only a solution but the cause of this too. Is it the application or is this Looker?

Paul


(maanul) #2

Hi Paul, thanks for reaching out. We are investigating the issue and will reach out to you separately.


(diego.campos) #3

Hi @PaulRoberts,

Did you try using a system without the same level of browser policy restrictions and see if the error still pops? Also would you share your browser security zone trust settings with us so I can try to repro internally under IE11?

(If you feel that is better as well, I’d also ask you to jump on chat for this one!)

Thanks.


(jodie) #4

I am also receiving this error only in IE. Any update?
Possibly related: we just updated from v5 to v6.


(diego.campos) #5

Hi @jodie.capps!

We are still trying to understand what could be causing this issue. Have you tried any of the recommendations above? Could you provide some feedback after applying those changes?

That would be very beneficial for us to be able to reproduce the same configuration that is triggering this console error.
Best,


(seth) #6

@diego.campos Have you guys gotten a solution for this?
I have the same exact issue on Windows 7/8 IE 11. Windows 10 IE 11 works fine.

I put my URLs in trust setting and put the security down to low.

My referrer is a .com, i.e. www.foo.com. The URL for the iframe source is a .me, i.e. www.foo.me


(Paul Roberts) #7

Sorry I have not updated this in a while. I ended up not handling this and it was passed onto one of the team.

But in essence, I believe the issue lay in the encoding mechanism for the API call. In Chrome and other decent browsers a straightforward “EncodeString” worked fine but for IE the encoding was different.

I will update this thread later today when I have queried the team as to how the encoding was changed to make it work.

Paul


(bernard.kavanagh) #8

Hi Paul,

Thanks for confirming! I’m looking forward to hearing your solution :slight_smile:

Bernard


(jodie) #9

In our case it appears that the problem was caused by IE11 caching the API call that builds the embed URL. So the browser was trying to re-use embed links. Adding no-cache headers to our API response seems to have fixed the issue.


(diego.campos) #10

Nice catch Jodie, thanks for sharing.
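
The fix described in post #9, sketched as an added example that is not code from the thread or from Looker: an API response carrying no-cache headers, run against a simplified model of a browser cache that reuses GET responses. The endpoint path, host name, helper names and the assumption that each embed URL is meant for one use are hypothetical.

```javascript
// Added example: all names here are hypothetical, not Looker or application code.

// Headers that tell the browser (and any intermediary) not to store or reuse the response.
const NO_CACHE_HEADERS = {
  'Cache-Control': 'no-store, no-cache, must-revalidate',
  'Pragma': 'no-cache', // for HTTP/1.0 caches
  'Expires': '0',
};

// Stand-in for the server code that builds an embed URL. Assumption: each URL
// is meant to be used once, so every call returns a different (constructed) value.
let issued = 0;
function buildEmbedUrl() {
  issued += 1;
  return 'https://embed.example.test/embed?nonce=constructed-' + issued;
}

// API endpoint logic: status, headers and body for GET /api/embed-url.
function embedUrlResponse(sendNoCacheHeaders) {
  return {
    status: 200,
    headers: Object.assign({ 'Content-Type': 'application/json' },
                           sendNoCacheHeaders ? NO_CACHE_HEADERS : {}),
    body: JSON.stringify({ url: buildEmbedUrl() }),
  };
}

// Simplified model of a browser cache: a GET response is reused
// unless the response itself forbids storing it.
function makeCachingClient(endpoint) {
  const cache = new Map();
  return function get(path) {
    if (cache.has(path)) return cache.get(path); // stale embed URL reused
    const res = endpoint();
    const cc = (res.headers['Cache-Control'] || '').toLowerCase();
    if (!cc.includes('no-store') && !cc.includes('no-cache')) cache.set(path, res);
    return res;
  };
}

// Returns the embed URLs a page would receive on two successive loads.
function twoLoads(sendNoCacheHeaders) {
  const get = makeCachingClient(() => embedUrlResponse(sendNoCacheHeaders));
  return [get('/api/embed-url'), get('/api/embed-url')].map(r => JSON.parse(r.body).url);
}

console.log('without headers:', twoLoads(false)); // same URL twice
console.log('with headers:   ', twoLoads(true));  // two distinct URLs
```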