No -- I actually have no problem (other than the one
described) doing an HTTPS request from within an HTTP loaded app as long as it
is from the same server. Anyway, that's not the problem. The URL I
use (like the one in the demonstration program below) is server-relative --
something like '/cmd/authinfo' -- so it uses the same server and
protocol as the loaded app.
Cameron
From: Henry Minsky [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 01, 2005 6:19 PM
To: Cameron Brown
Cc: [email protected]
Subject: Re: [Laszlo-dev] Dataset loading problem over HTTPS in IE6
On 12/1/05, Cameron
Brown <[EMAIL PROTECTED]>
wrote:
Ye List,
Executive Summary:
Dataset loading does not work if communicating over HTTPS in IE6 and the server sends a 'Pragma: no-cache' HTTP header.
The Details:
I've been having trouble with my serverless lzx app breaking when run over HTTPS in IE6. It works fine over HTTP in IE, and fine
for both HTTP and HTTPS in Firefox 1.0.7.
I first noticed the problem a few months ago, using Laszlo 3.0. It did not go away in 3.0.2. I let it slide for a while since
Firefox provided a workaround if HTTPS was required, but the coincidence of a disgruntled IE-wed customer and the release of Laszlo
3.1 brought it back to my attention. The basic problem was that over HTTPS in IE6, my datasets which load XML data from my app
server were not getting any data when making requests. Instead I'd just get the (3.1) error:
LzLoadQueue.serverlessOnDataHandler load failed from URL ' /cmd/authinfo ', no data received.
Failure to load data in serverless apps may be caused by Flash player security policies. Check your data server crossdomain.xml file
I only use server-relative paths for URLs, and loading works fine in the other client environments, so I knew it wasn't actually a
crossdomain.xml problem. Also I could see that the server was getting the request properly and replying properly. So I tried
messing around with the headers of the reply and lo and behold getting rid of 'Pragma: no-cache' fixed the problem.
The only thing I'm worried about now is whether dropping the 'Pragma: no-cache' is now going to cause some version of some browser
to start caching the data coming from the server -- that would be a disaster. I am still able to use the headers:
Expires: Sat, 1 Jan 2000 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
They haven't caused any trouble. And I suspect that they will be sufficient to prevent caching in important browsers, right? Any
reassurances will be appreciated.
Anyway, here's some code to demonstrate the problem:
===============================================================
PHP for the server side ("/prag- nc-test.php"):
===============================================================
<?
// Pragma: no-cache breaks serverless loads under https in IE,
// but works for http in IE and http and https in Firefox
header('Pragma: no-cache');
print('<result>Irrelevant</result>');
?>
===============================================================
===============================================================
LZX Client:
===============================================================
<canvas height="350" width="100%" debug="true" proxied="false">
<debug x="5" y="40" height="300" width="800"/>
<dataset type="http" name="testds"
autorequest="false"
src=""/>
<method name="handleData">
Debug.write((new Date())+": Request succeeded.");
</method>
<method name="handleError">
Debug.write((new Date())+": Request got an error -- sorry.");
</method>
<method name="handleTimeout">
Debug.write((new Date())+": Request timed out (after "+(getTimer()-canvas.reqTime)+" ms) -- sorry.");
</method>
<view x="5" y="5">
<text valign="middle">Request URL:</text>
<edittext width="300" id="srcTxt" text="$once{canvas.datasets.testds.src}"/>
<button text="Start Request">
<method event="onclick">
canvas.reqTime = getTimer();
var d = canvas.datasets.testds;
if (srcTxt.text) {
Debug.write((new Date())+": Setting URL to '"+srcTxt.text+"'...");
d.setAttribute('src', srcTxt.text);
Debug.write((new Date())+": value set.");
}
Debug.write((new Date())+": Sending request to "+d.src+"...");
d.doRequest ();
</method>
</button>
<simplelayout axis="x"/>
</view>
</canvas>
===============================================================
I created a JIRA issue for the problem: http://www.openlaszlo.org/jira/browse/LPP-1156
Regards,
Cameron Brown
_______________________________________________
Laszlo-dev mailing list
[email protected]
http://www.openlaszlo.org/mailman/listinfo/laszlo-dev
--
Henry Minsky
Software Architect
[EMAIL PROTECTED]
_______________________________________________ Laszlo-dev mailing list [email protected] http://www.openlaszlo.org/mailman/listinfo/laszlo-dev
