Re: CSS and HTTPS problem ...

2009-04-08 Thread Mohamed Abdel-Aziz Bayoumi 
Many thanks Rob, i'll consider that .. will give it a try and feedback whenever 
possible 



You'd have to change the CSS to also reference the images, etc. over https.
 The warning you describe will be triggered whenever you have an HTML page,
delivered over https, that calls images, CSS, or javascript from another
source, delivered over http.  This isn't a Restlet thing ... it applies to
any SSL Web server.
However, one neat Restlet thing that does help, is the Redirector feature.
 This is a bit advanced, but you can use the Redirector on your local web
service to proxy these requests to the other server; this can be used to
avoid such warnings and single-source issues, at the expense of some
overhead in your web service and a responsibility to manage the security
appropriately.

- Rob

-- 
View this message in context: 
http://n2.nabble.com/CSS-and-HTTPS-problem-...-tp2544622p2604784.html
Sent from the Restlet Discuss mailing list archive at Nabble.com.

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=1595403

Re: CSS and HTTPS problem ...

2009-04-01 Thread Bruno Harbulot 
Hi,

Rob Heittman wrote:
 You'd have to change the CSS to also reference the images, etc. over 
 https.  The warning you describe will be triggered whenever you have an 
 HTML page, delivered over https, that calls images, CSS, or javascript 
 from another source, delivered over http.  This isn't a Restlet thing 
 ... it applies to any SSL Web server.

Yes, I agree. Although it's possible to turn off this warning in Firefox 
I'd suggest to keep it on.

In terms of site design, it's bad practice to mix HTTPS and plain HTTP 
content.

I've recently found a security issue with a service we use (I believe 
the vendor is investigating the matter). Access to the whole site was 
supposed to be secure because it was served over HTTPS. However, one of 
the web pages was loading a JavaScript document, which was linking 
another JavaScript document, this time in plain HTTP. (Surprisingly 
enough, this second link was a plain HTTP URL only if Mac was in the 
user-agent header!)
Even if this last request failed with a 404 status code (the document 
being actually only served over HTTPS), the request was made over plain 
HTTP and contained the authenticated session cookie. Therefore, someone 
intercepting that request would be able to hijack the session.

I haven't looked at how IE behaves with mixed content, but the downside 
of Firefox warnings is that they are just warnings (you can't cancel the 
request: you can only realise it's too late).


 However, one neat Restlet thing that does help, is the Redirector 
 feature.  This is a bit advanced, but you can use the Redirector on your 
 local web service to proxy these requests to the other server; this can 
 be used to avoid such warnings and single-source issues, at the expense 
 of some overhead in your web service and a responsibility to manage the 
 security appropriately.

+1


Best wishes,

Bruno.

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=1499674

Re: CSS and HTTPS problem ...

2009-03-31 Thread Mohamed Abdel-Aziz Bayoumi 
Hi Rob,

Thanx for the fast reply ... As it told you Rob i'm using absolute links to 
images or css (since these are not hosted on my server) like the following CSS 
snippet (the background property)
thead th,tbody th
{
   background : #FFF 
url(http://muffinresearch.co.uk/code/xhtmlandcss/tableshow/th_bck.gif) 
repeat-x; 
   color: white;  
   padding : 5px 10px; 
   border-left : 1px solid #CCC;
   }
another important note: i've switched to HTTP instead of HTTPS just to test and 
the style was displayed perfectly (no broken images or missing css files) both 
locally and remotely (i didn't change anything in code) which makes me 100% 
that the problem is mainly considered with HTTPS connection as i told you 
before ...

Thank you


Hard to diagnose without seeing the HTML source ... but is it possible your
HTML is constructed with an absolute URL (starting with http://) in the CSS
link rel.../ tag?  Any snippets of the HTML you can share, or a link to a
page if it's public?

On Fri, Mar 27, 2009 at 10:46 AM, Mohamed Abdel-Aziz Bayoumi 
mohamed@gmail.com wrote:

 It's been a long time since i posted here ... hope u r all fine n well ..
 Now my problem.  I've planned to add some style to one of my restlet (which
 is actually a TEXT_HTML MediaType repreaentation) so i made an external
 stylesheet n saved my .css file and linked it to my html restlet and began
 to test n here u r what i found (note: i'm running the whole application via
 secured HTTPS):


--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=1445199


-- 
View this message in context: 
http://n2.nabble.com/CSS-and-HTTPS-problem-...-tp2544622p2562022.html
Sent from the Restlet Discuss mailing list archive at Nabble.com.

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=1493998

CSS and HTTPS problem ...

2009-03-27 Thread Mohamed Abdel-Aziz Bayoumi 
Hi All,

It's been a long time since i posted here ... hope u r all fine n well ..
Now my problem.  I've planned to add some style to one of my restlet (which is 
actually a TEXT_HTML MediaType repreaentation) so i made an external stylesheet 
n saved my .css file and linked it to my html restlet and began to test n here 
u r what i found (note: i'm running the whole application via secured HTTPS):

1- Running on microsoft windows:
Everything went okay, style file was loaded okay and applied to my html 
successfully, images were loaded and everything went fine for me (accessed the 
restlet via all available browsers IE, FF, and Chrome).

2- Hosting the restlet on a server running windows
Worked also like charm but on the server .. and when trying to access the 
remotely from my local machine style doesn't show with IE telling me this 
webpage contains content that will not be delivered using a secure HTTPS 
connection. which could compromise the security of the entire webpage .. tried 
also  from FF and Chrome without hope of seen my style applied.

3- Running on openSUSE 10.3:
External styles are never applied and the page displays without any style 
(as if the .css wasn't seen eventhough i'm giving the absolute path to the file 
on my local machine) so i copied the styles inside my html restlet in style 
tags n tested again ... Styles were applied but images were never loaded again 
as if they weren't seen (still giving the absolute path)

So i don't know what to do or where the problem is but my main goal i want to 
achieve is that the page hosted on the server gets displayed with my style when 
accessed by clients anywhere and from any browser ... i read some articles 
talking about missing/broken images and external CSS never applied when using 
HTTPS but with no solutions ... 

Is there anything with restlet concerning css or https  i am missing ? ... 

need help and thanks in advance
-- 
View this message in context: 
http://n2.nabble.com/CSS-and-HTTPS-problem-...-tp2544622p2544622.html
Sent from the Restlet Discuss mailing list archive at Nabble.com.

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=1444646

Re: CSS and HTTPS problem ...

2009-03-27 Thread Rob Heittman 
Hard to diagnose without seeing the HTML source ... but is it possible your
HTML is constructed with an absolute URL (starting with http://) in the CSS
link rel.../ tag?  Any snippets of the HTML you can share, or a link to a
page if it's public?

On Fri, Mar 27, 2009 at 10:46 AM, Mohamed Abdel-Aziz Bayoumi 
mohamed@gmail.com wrote:

 It's been a long time since i posted here ... hope u r all fine n well ..
 Now my problem.  I've planned to add some style to one of my restlet (which
 is actually a TEXT_HTML MediaType repreaentation) so i made an external
 stylesheet n saved my .css file and linked it to my html restlet and began
 to test n here u r what i found (note: i'm running the whole application via
 secured HTTPS):


--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=1445199

Re: CSS and HTTPS problem ...

2009-03-27 Thread Tal Liron 




To
add to Rob's hunch --


My
guess is that you are using a relative URL to access the CSS, and that
you don't have a trailing slash after your base URL. For example, your
base URL might be:


http://localhost:8080/myapplication/main


While
your CSS link would be:
link href="my.css"
rel="stylesheet" type="text/css"
/
So
the browser would be looking for:


http://localhost:8080/myapplication/mainmy.css


You
need to use a trailing slash on the base URL!







This
is something that can happen in Restlet but not in most Apache
configurations, because Restlet is forgiving about the trailing slash.


-Tal




  On Fri, Mar 27, 2009 at 10:46 AM, Mohamed
Abdel-Aziz Bayoumi mohamed@gmail.com
wrote:
  It's
been a long time since i posted here ... hope u r all fine n well ..
Now my problem. I've planned to add some style to one of my restlet
(which is actually a TEXT_HTML MediaType repreaentation) so i made an
external stylesheet n saved my .css file and linked it to my html
restlet and began to test n here u r what i found (note: i'm running
the whole application via secured HTTPS):