><form action="https://my.server/reports.php" method="post" >target="_blank"> ><input type=submit value='Show PDF'> ></form> ><form action="https://my.server/reports.php" method="get" >target="_blank"> ><input type=submit value='Show PDF'> ></form> > >These forms are identical with the exception of the post/get methods. > >A PDF file is being dynamically generated and displayed in a pop-up. > >The GET method form works fine, while the POST method (which is what I >need to use) pops up a message about the page containing both secure and >nonsecure data. > >WTF?
Well, the new browser window opens, but you're loading a PDF, not HTML, so it's not really getting any data at all. The data it's not getting isn't secure, by definition, since there's nothing there. Meanwhile, back at the ranch, the PDF file is being transmitted securely, as you want it to be, and that's being opened in whatever application/plug-in I told my browser to use for PDF files. I dunno about most folks, but my PDF files always fire up in a new Application anyway, much less a new window. While I realize some people have that funky plug-in crap going on, and will see their PDF trapped inside a browser window, you're probably best off not doing the target="_blank" part. That will take care of the stupid warning, since there is no blank window opening up to get the empty insecure HTML document you're not sending out. :-) It *IS* pretty stupid of the browser to complain about the non-secure non-data, but it's not PHP. You'll have to talk to your browser manufacturer about that one. YMMV. Disclaimer: This above is simply my rationalization of the browser behaviour described (and which I've experienced). I have not really dug deep into source code and disassembled data to verify this working hypothesis. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php