wicket app over https but renders some images as http
Hi all, I have a Wicket application that is running over HTTPS but is rendering some images (like background images from css) over HTTP only. This causes the 'This page contains unsecure items' type warning and inspecting the Page Info from Firefox shows they are indeed being served over HTTP only. Luckily I can switch this particular site to be just HTTP and as soon as I do that, the issues go away (obviously since its all just HTTP now). However I cannot just run the entire app over HTTPS only, as this application is deployed in many different contexts by many different institutions and they may be running it over HTTP only. So can I force Wicket to render everything via HTTPS if its running over HTTPS and just normal HTTP if its running as such? Note that I have things like: .someClass { background-image: url(/library/image/silk/icon.png); } so I can't just prefix all URL links since most of them come from the CSS. thanks, Steve smime.p7s Description: S/MIME cryptographic signature
Re: wicket app over https but renders some images as http
The background image url is relative to the css file. Is the request for the css file https? On Thu, Feb 11, 2010 at 12:35 PM, Steve Swinsburg steve.swinsb...@gmail.com wrote: Hi all, I have a Wicket application that is running over HTTPS but is rendering some images (like background images from css) over HTTP only. This causes the 'This page contains unsecure items' type warning and inspecting the Page Info from Firefox shows they are indeed being served over HTTP only. Luckily I can switch this particular site to be just HTTP and as soon as I do that, the issues go away (obviously since its all just HTTP now). However I cannot just run the entire app over HTTPS only, as this application is deployed in many different contexts by many different institutions and they may be running it over HTTP only. So can I force Wicket to render everything via HTTPS if its running over HTTPS and just normal HTTP if its running as such? Note that I have things like: .someClass { background-image: url(/library/image/silk/icon.png); } so I can't just prefix all URL links since most of them come from the CSS. thanks, Steve -- Jason Lea
Re: wicket app over https but renders some images as http
The request for the CSS is a renderCssReference call: response.renderCSSReference(css/styles.css); So it should be relative to what ever protocol is being used? On 11/02/2010, at 10:58 AM, jason lea wrote: The background image url is relative to the css file. Is the request for the css file https? On Thu, Feb 11, 2010 at 12:35 PM, Steve Swinsburg steve.swinsb...@gmail.com wrote: Hi all, I have a Wicket application that is running over HTTPS but is rendering some images (like background images from css) over HTTP only. This causes the 'This page contains unsecure items' type warning and inspecting the Page Info from Firefox shows they are indeed being served over HTTP only. Luckily I can switch this particular site to be just HTTP and as soon as I do that, the issues go away (obviously since its all just HTTP now). However I cannot just run the entire app over HTTPS only, as this application is deployed in many different contexts by many different institutions and they may be running it over HTTP only. So can I force Wicket to render everything via HTTPS if its running over HTTPS and just normal HTTP if its running as such? Note that I have things like: .someClass { background-image: url(/library/image/silk/icon.png); } so I can't just prefix all URL links since most of them come from the CSS. thanks, Steve -- Jason Lea smime.p7s Description: S/MIME cryptographic signature
Re: wicket app over https but renders some images as http
Note that this also happens for resources that Wicket serves, eg: resources/org.apache.wicket.ajax.AbstractDefaultBehaviour/indicator.gif and ContextImages. Can I detect HTTPS and force Wicket to serve content over HTTPS? thanks, Steve On 11/02/2010, at 11:14 AM, Steve Swinsburg wrote: The request for the CSS is a renderCssReference call: response.renderCSSReference(css/styles.css); So it should be relative to what ever protocol is being used? On 11/02/2010, at 10:58 AM, jason lea wrote: The background image url is relative to the css file. Is the request for the css file https? On Thu, Feb 11, 2010 at 12:35 PM, Steve Swinsburg steve.swinsb...@gmail.com wrote: Hi all, I have a Wicket application that is running over HTTPS but is rendering some images (like background images from css) over HTTP only. This causes the 'This page contains unsecure items' type warning and inspecting the Page Info from Firefox shows they are indeed being served over HTTP only. Luckily I can switch this particular site to be just HTTP and as soon as I do that, the issues go away (obviously since its all just HTTP now). However I cannot just run the entire app over HTTPS only, as this application is deployed in many different contexts by many different institutions and they may be running it over HTTP only. So can I force Wicket to render everything via HTTPS if its running over HTTPS and just normal HTTP if its running as such? Note that I have things like: .someClass { background-image: url(/library/image/silk/icon.png); } so I can't just prefix all URL links since most of them come from the CSS. thanks, Steve -- Jason Lea smime.p7s Description: S/MIME cryptographic signature
Re: wicket app over https but renders some images as http
What URL does Wicket generate in your HTML? -- Jeremy Thomerson http://www.wickettraining.com On Wed, Feb 10, 2010 at 6:46 PM, Steve Swinsburg steve.swinsb...@gmail.comwrote: Note that this also happens for resources that Wicket serves, eg: resources/org.apache.wicket.ajax.AbstractDefaultBehaviour/indicator.gif and ContextImages. Can I detect HTTPS and force Wicket to serve content over HTTPS? thanks, Steve On 11/02/2010, at 11:14 AM, Steve Swinsburg wrote: The request for the CSS is a renderCssReference call: response.renderCSSReference(css/styles.css); So it should be relative to what ever protocol is being used? On 11/02/2010, at 10:58 AM, jason lea wrote: The background image url is relative to the css file. Is the request for the css file https? On Thu, Feb 11, 2010 at 12:35 PM, Steve Swinsburg steve.swinsb...@gmail.com wrote: Hi all, I have a Wicket application that is running over HTTPS but is rendering some images (like background images from css) over HTTP only. This causes the 'This page contains unsecure items' type warning and inspecting the Page Info from Firefox shows they are indeed being served over HTTP only. Luckily I can switch this particular site to be just HTTP and as soon as I do that, the issues go away (obviously since its all just HTTP now). However I cannot just run the entire app over HTTPS only, as this application is deployed in many different contexts by many different institutions and they may be running it over HTTP only. So can I force Wicket to render everything via HTTPS if its running over HTTPS and just normal HTTP if its running as such? Note that I have things like: .someClass { background-image: url(/library/image/silk/icon.png); } so I can't just prefix all URL links since most of them come from the CSS. thanks, Steve -- Jason Lea
Re: wicket app over https but renders some images as http
Hi Jeremy, For resources its rendered as http://myserver/webapp/context/resources/org.apache.wicket.ajax.AbstractDefaultBehaviour/indicator.gif For a ContextImage its: img src=images/no_image.gif/ For the CSS include its: link rel=stylesheet type=text/css href=css/styles.css / It all looks fine except the styles.css that has the classes are sending the images over HTTP, and they declare like: .someClass { background-image: url(/library/image/silk/icon.png); } cheers, Steve On 11/02/2010, at 11:53 AM, Jeremy Thomerson wrote: What URL does Wicket generate in your HTML? -- Jeremy Thomerson http://www.wickettraining.com On Wed, Feb 10, 2010 at 6:46 PM, Steve Swinsburg steve.swinsb...@gmail.comwrote: Note that this also happens for resources that Wicket serves, eg: resources/org.apache.wicket.ajax.AbstractDefaultBehaviour/indicator.gif and ContextImages. Can I detect HTTPS and force Wicket to serve content over HTTPS? thanks, Steve On 11/02/2010, at 11:14 AM, Steve Swinsburg wrote: The request for the CSS is a renderCssReference call: response.renderCSSReference(css/styles.css); So it should be relative to what ever protocol is being used? On 11/02/2010, at 10:58 AM, jason lea wrote: The background image url is relative to the css file. Is the request for the css file https? On Thu, Feb 11, 2010 at 12:35 PM, Steve Swinsburg steve.swinsb...@gmail.com wrote: Hi all, I have a Wicket application that is running over HTTPS but is rendering some images (like background images from css) over HTTP only. This causes the 'This page contains unsecure items' type warning and inspecting the Page Info from Firefox shows they are indeed being served over HTTP only. Luckily I can switch this particular site to be just HTTP and as soon as I do that, the issues go away (obviously since its all just HTTP now). However I cannot just run the entire app over HTTPS only, as this application is deployed in many different contexts by many different institutions and they may be running it over HTTP only. So can I force Wicket to render everything via HTTPS if its running over HTTPS and just normal HTTP if its running as such? Note that I have things like: .someClass { background-image: url(/library/image/silk/icon.png); } so I can't just prefix all URL links since most of them come from the CSS. thanks, Steve -- Jason Lea smime.p7s Description: S/MIME cryptographic signature
Re: wicket app over https but renders some images as http
What I meant to say was that the ContextImage and CSS looks fine, however the actual URLs it renders are all HTTP, not HTTPS when they should be. The first resource link is clearly broken. cheers, Steve On 11/02/2010, at 12:13 PM, Steve Swinsburg wrote: Hi Jeremy, For resources its rendered as http://myserver/webapp/context/resources/org.apache.wicket.ajax.AbstractDefaultBehaviour/indicator.gif For a ContextImage its: img src=images/no_image.gif/ For the CSS include its: link rel=stylesheet type=text/css href=css/styles.css / It all looks fine except the styles.css that has the classes are sending the images over HTTP, and they declare like: .someClass { background-image: url(/library/image/silk/icon.png); } cheers, Steve On 11/02/2010, at 11:53 AM, Jeremy Thomerson wrote: What URL does Wicket generate in your HTML? -- Jeremy Thomerson http://www.wickettraining.com On Wed, Feb 10, 2010 at 6:46 PM, Steve Swinsburg steve.swinsb...@gmail.comwrote: Note that this also happens for resources that Wicket serves, eg: resources/org.apache.wicket.ajax.AbstractDefaultBehaviour/indicator.gif and ContextImages. Can I detect HTTPS and force Wicket to serve content over HTTPS? thanks, Steve On 11/02/2010, at 11:14 AM, Steve Swinsburg wrote: The request for the CSS is a renderCssReference call: response.renderCSSReference(css/styles.css); So it should be relative to what ever protocol is being used? On 11/02/2010, at 10:58 AM, jason lea wrote: The background image url is relative to the css file. Is the request for the css file https? On Thu, Feb 11, 2010 at 12:35 PM, Steve Swinsburg steve.swinsb...@gmail.com wrote: Hi all, I have a Wicket application that is running over HTTPS but is rendering some images (like background images from css) over HTTP only. This causes the 'This page contains unsecure items' type warning and inspecting the Page Info from Firefox shows they are indeed being served over HTTP only. Luckily I can switch this particular site to be just HTTP and as soon as I do that, the issues go away (obviously since its all just HTTP now). However I cannot just run the entire app over HTTPS only, as this application is deployed in many different contexts by many different institutions and they may be running it over HTTP only. So can I force Wicket to render everything via HTTPS if its running over HTTPS and just normal HTTP if its running as such? Note that I have things like: .someClass { background-image: url(/library/image/silk/icon.png); } so I can't just prefix all URL links since most of them come from the CSS. thanks, Steve -- Jason Lea smime.p7s Description: S/MIME cryptographic signature
Re: wicket app over https but renders some images as http
and the URL for your page in the Location bar *is* https? On Feb 10, 2010, at 5:55 PM, Steve Swinsburg wrote: What I meant to say was that the ContextImage and CSS looks fine, however the actual URLs it renders are all HTTP, not HTTPS when they should be. The first resource link is clearly broken. cheers, Steve On 11/02/2010, at 12:13 PM, Steve Swinsburg wrote: Hi Jeremy, For resources its rendered as http://myserver/webapp/context/resources/org.apache.wicket.ajax.AbstractDefaultBehaviour/indicator.gif For a ContextImage its: img src=images/no_image.gif/ For the CSS include its: link rel=stylesheet type=text/css href=css/styles.css / It all looks fine except the styles.css that has the classes are sending the images over HTTP, and they declare like: .someClass { background-image: url(/library/image/silk/icon.png); } cheers, Steve On 11/02/2010, at 11:53 AM, Jeremy Thomerson wrote: What URL does Wicket generate in your HTML? -- Jeremy Thomerson http://www.wickettraining.com On Wed, Feb 10, 2010 at 6:46 PM, Steve Swinsburg steve.swinsb...@gmail.comwrote: Note that this also happens for resources that Wicket serves, eg: resources/org.apache.wicket.ajax.AbstractDefaultBehaviour/indicator.gif and ContextImages. Can I detect HTTPS and force Wicket to serve content over HTTPS? thanks, Steve On 11/02/2010, at 11:14 AM, Steve Swinsburg wrote: The request for the CSS is a renderCssReference call: response.renderCSSReference(css/styles.css); So it should be relative to what ever protocol is being used? On 11/02/2010, at 10:58 AM, jason lea wrote: The background image url is relative to the css file. Is the request for the css file https? On Thu, Feb 11, 2010 at 12:35 PM, Steve Swinsburg steve.swinsb...@gmail.com wrote: Hi all, I have a Wicket application that is running over HTTPS but is rendering some images (like background images from css) over HTTP only. This causes the 'This page contains unsecure items' type warning and inspecting the Page Info from Firefox shows they are indeed being served over HTTP only. Luckily I can switch this particular site to be just HTTP and as soon as I do that, the issues go away (obviously since its all just HTTP now). However I cannot just run the entire app over HTTPS only, as this application is deployed in many different contexts by many different institutions and they may be running it over HTTP only. So can I force Wicket to render everything via HTTPS if its running over HTTPS and just normal HTTP if its running as such? Note that I have things like: .someClass { background-image: url(/library/image/silk/icon.png); } so I can't just prefix all URL links since most of them come from the CSS. thanks, Steve -- Jason Lea To our success! Mystic Coders, LLC | Code Magic | www.mysticcoders.com ANDREW LOMBARDI | and...@mysticcoders.com 2321 E 4th St. Ste C-128, Santa Ana CA 92705 ofc: 714-816-4488 fax: 714-782-6024 cell: 714-697-8046 linked-in: http://www.linkedin.com/in/andrewlombardi twitter: http://www.twitter.com/kinabalu Eco-Tip: Printing e-mails is usually a waste. This message is for the named person's use only. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient.
Re: wicket app over https but renders some images as http
Yes. And thats how I can confirm it breaks when I change the address to just http. Both http and https work on this particular site which makes it easy for testing. The address is https and then it renders the content in an iframe with source attribute that is also https (I'm working in a portal framework). On 11/02/2010, at 1:00 PM, Andrew Lombardi wrote: and the URL for your page in the Location bar *is* https? On Feb 10, 2010, at 5:55 PM, Steve Swinsburg wrote: What I meant to say was that the ContextImage and CSS looks fine, however the actual URLs it renders are all HTTP, not HTTPS when they should be. The first resource link is clearly broken. cheers, Steve On 11/02/2010, at 12:13 PM, Steve Swinsburg wrote: Hi Jeremy, For resources its rendered as http://myserver/webapp/context/resources/org.apache.wicket.ajax.AbstractDefaultBehaviour/indicator.gif For a ContextImage its: img src=images/no_image.gif/ For the CSS include its: link rel=stylesheet type=text/css href=css/styles.css / It all looks fine except the styles.css that has the classes are sending the images over HTTP, and they declare like: .someClass { background-image: url(/library/image/silk/icon.png); } cheers, Steve On 11/02/2010, at 11:53 AM, Jeremy Thomerson wrote: What URL does Wicket generate in your HTML? -- Jeremy Thomerson http://www.wickettraining.com On Wed, Feb 10, 2010 at 6:46 PM, Steve Swinsburg steve.swinsb...@gmail.comwrote: Note that this also happens for resources that Wicket serves, eg: resources/org.apache.wicket.ajax.AbstractDefaultBehaviour/indicator.gif and ContextImages. Can I detect HTTPS and force Wicket to serve content over HTTPS? thanks, Steve On 11/02/2010, at 11:14 AM, Steve Swinsburg wrote: The request for the CSS is a renderCssReference call: response.renderCSSReference(css/styles.css); So it should be relative to what ever protocol is being used? On 11/02/2010, at 10:58 AM, jason lea wrote: The background image url is relative to the css file. Is the request for the css file https? On Thu, Feb 11, 2010 at 12:35 PM, Steve Swinsburg steve.swinsb...@gmail.com wrote: Hi all, I have a Wicket application that is running over HTTPS but is rendering some images (like background images from css) over HTTP only. This causes the 'This page contains unsecure items' type warning and inspecting the Page Info from Firefox shows they are indeed being served over HTTP only. Luckily I can switch this particular site to be just HTTP and as soon as I do that, the issues go away (obviously since its all just HTTP now). However I cannot just run the entire app over HTTPS only, as this application is deployed in many different contexts by many different institutions and they may be running it over HTTP only. So can I force Wicket to render everything via HTTPS if its running over HTTPS and just normal HTTP if its running as such? Note that I have things like: .someClass { background-image: url(/library/image/silk/icon.png); } so I can't just prefix all URL links since most of them come from the CSS. thanks, Steve -- Jason Lea To our success! Mystic Coders, LLC | Code Magic | www.mysticcoders.com ANDREW LOMBARDI | and...@mysticcoders.com 2321 E 4th St. Ste C-128, Santa Ana CA 92705 ofc: 714-816-4488 fax: 714-782-6024 cell: 714-697-8046 linked-in: http://www.linkedin.com/in/andrewlombardi twitter: http://www.twitter.com/kinabalu Eco-Tip: Printing e-mails is usually a waste. This message is for the named person's use only. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. smime.p7s Description: S/MIME cryptographic signature
Re: wicket app over https but renders some images as http
Edit: ... thats how I can confirm it was broken, because when I change it to http it works. On 11/02/2010, at 1:26 PM, Steve Swinsburg wrote: Yes. And thats how I can confirm it breaks when I change the address to just http. Both http and https work on this particular site which makes it easy for testing. The address is https and then it renders the content in an iframe with source attribute that is also https (I'm working in a portal framework). On 11/02/2010, at 1:00 PM, Andrew Lombardi wrote: and the URL for your page in the Location bar *is* https? On Feb 10, 2010, at 5:55 PM, Steve Swinsburg wrote: What I meant to say was that the ContextImage and CSS looks fine, however the actual URLs it renders are all HTTP, not HTTPS when they should be. The first resource link is clearly broken. cheers, Steve On 11/02/2010, at 12:13 PM, Steve Swinsburg wrote: Hi Jeremy, For resources its rendered as http://myserver/webapp/context/resources/org.apache.wicket.ajax.AbstractDefaultBehaviour/indicator.gif For a ContextImage its: img src=images/no_image.gif/ For the CSS include its: link rel=stylesheet type=text/css href=css/styles.css / It all looks fine except the styles.css that has the classes are sending the images over HTTP, and they declare like: .someClass { background-image: url(/library/image/silk/icon.png); } cheers, Steve On 11/02/2010, at 11:53 AM, Jeremy Thomerson wrote: What URL does Wicket generate in your HTML? -- Jeremy Thomerson http://www.wickettraining.com On Wed, Feb 10, 2010 at 6:46 PM, Steve Swinsburg steve.swinsb...@gmail.comwrote: Note that this also happens for resources that Wicket serves, eg: resources/org.apache.wicket.ajax.AbstractDefaultBehaviour/indicator.gif and ContextImages. Can I detect HTTPS and force Wicket to serve content over HTTPS? thanks, Steve On 11/02/2010, at 11:14 AM, Steve Swinsburg wrote: The request for the CSS is a renderCssReference call: response.renderCSSReference(css/styles.css); So it should be relative to what ever protocol is being used? On 11/02/2010, at 10:58 AM, jason lea wrote: The background image url is relative to the css file. Is the request for the css file https? On Thu, Feb 11, 2010 at 12:35 PM, Steve Swinsburg steve.swinsb...@gmail.com wrote: Hi all, I have a Wicket application that is running over HTTPS but is rendering some images (like background images from css) over HTTP only. This causes the 'This page contains unsecure items' type warning and inspecting the Page Info from Firefox shows they are indeed being served over HTTP only. Luckily I can switch this particular site to be just HTTP and as soon as I do that, the issues go away (obviously since its all just HTTP now). However I cannot just run the entire app over HTTPS only, as this application is deployed in many different contexts by many different institutions and they may be running it over HTTP only. So can I force Wicket to render everything via HTTPS if its running over HTTPS and just normal HTTP if its running as such? Note that I have things like: .someClass { background-image: url(/library/image/silk/icon.png); } so I can't just prefix all URL links since most of them come from the CSS. thanks, Steve -- Jason Lea To our success! Mystic Coders, LLC | Code Magic | www.mysticcoders.com ANDREW LOMBARDI | and...@mysticcoders.com 2321 E 4th St. Ste C-128, Santa Ana CA 92705 ofc: 714-816-4488 fax: 714-782-6024 cell: 714-697-8046 linked-in: http://www.linkedin.com/in/andrewlombardi twitter: http://www.twitter.com/kinabalu Eco-Tip: Printing e-mails is usually a waste. This message is for the named person's use only. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. smime.p7s Description: S/MIME cryptographic signature
Re: wicket app over https but renders some images as http
Well, can you paste the actual html that is generated that links to your stylesheet on the https page? Because what you pasted earlier was a relative URL, which would mean that the browser would make it https as well. So, they're some piece of the puzzle we haven't received yet. Perhaps you could browse to the https page, view source, copy the whole source into pastebin and send it? Are you using iframes or anything? -- Jeremy Thomerson http://www.wickettraining.com On Wed, Feb 10, 2010 at 8:29 PM, Steve Swinsburg steve.swinsb...@gmail.comwrote: Edit: ... thats how I can confirm it was broken, because when I change it to http it works. On 11/02/2010, at 1:26 PM, Steve Swinsburg wrote: Yes. And thats how I can confirm it breaks when I change the address to just http. Both http and https work on this particular site which makes it easy for testing. The address is https and then it renders the content in an iframe with source attribute that is also https (I'm working in a portal framework). On 11/02/2010, at 1:00 PM, Andrew Lombardi wrote: and the URL for your page in the Location bar *is* https? On Feb 10, 2010, at 5:55 PM, Steve Swinsburg wrote: What I meant to say was that the ContextImage and CSS looks fine, however the actual URLs it renders are all HTTP, not HTTPS when they should be. The first resource link is clearly broken. cheers, Steve On 11/02/2010, at 12:13 PM, Steve Swinsburg wrote: Hi Jeremy, For resources its rendered as http://myserver/webapp/context/resources/org.apache.wicket.ajax.AbstractDefaultBehaviour/indicator.gif For a ContextImage its: img src=images/no_image.gif/ For the CSS include its: link rel=stylesheet type=text/css href=css/styles.css / It all looks fine except the styles.css that has the classes are sending the images over HTTP, and they declare like: .someClass { background-image: url(/library/image/silk/icon.png); } cheers, Steve On 11/02/2010, at 11:53 AM, Jeremy Thomerson wrote: What URL does Wicket generate in your HTML? -- Jeremy Thomerson http://www.wickettraining.com On Wed, Feb 10, 2010 at 6:46 PM, Steve Swinsburg steve.swinsb...@gmail.comwrote: Note that this also happens for resources that Wicket serves, eg: resources/org.apache.wicket.ajax.AbstractDefaultBehaviour/indicator.gif and ContextImages. Can I detect HTTPS and force Wicket to serve content over HTTPS? thanks, Steve On 11/02/2010, at 11:14 AM, Steve Swinsburg wrote: The request for the CSS is a renderCssReference call: response.renderCSSReference(css/styles.css); So it should be relative to what ever protocol is being used? On 11/02/2010, at 10:58 AM, jason lea wrote: The background image url is relative to the css file. Is the request for the css file https? On Thu, Feb 11, 2010 at 12:35 PM, Steve Swinsburg steve.swinsb...@gmail.com wrote: Hi all, I have a Wicket application that is running over HTTPS but is rendering some images (like background images from css) over HTTP only. This causes the 'This page contains unsecure items' type warning and inspecting the Page Info from Firefox shows they are indeed being served over HTTP only. Luckily I can switch this particular site to be just HTTP and as soon as I do that, the issues go away (obviously since its all just HTTP now). However I cannot just run the entire app over HTTPS only, as this application is deployed in many different contexts by many different institutions and they may be running it over HTTP only. So can I force Wicket to render everything via HTTPS if its running over HTTPS and just normal HTTP if its running as such? Note that I have things like: .someClass { background-image: url(/library/image/silk/icon.png); } so I can't just prefix all URL links since most of them come from the CSS. thanks, Steve -- Jason Lea To our success! Mystic Coders, LLC | Code Magic | www.mysticcoders.com ANDREW LOMBARDI | and...@mysticcoders.com 2321 E 4th St. Ste C-128, Santa Ana CA 92705 ofc: 714-816-4488 fax: 714-782-6024 cell: 714-697-8046 linked-in: http://www.linkedin.com/in/andrewlombardi twitter: http://www.twitter.com/kinabalu Eco-Tip: Printing e-mails is usually a waste. This message is for the named person's use only. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient.
Re: wicket app over https but renders some images as http
your paste does not contain any absolute urls, only relative ones... -igor On Wed, Feb 10, 2010 at 7:15 PM, Steve Swinsburg steve.swinsb...@gmail.com wrote: Yes, the app is rendered in an iframe as my app is deployed into a portal container. I pasted that HTML from the iframe source, but here is the whole lot: http://pastie.org/819416 Line 21 has the import for the css. Line 55 is a ContextImage The iframe source is: src=https://myserver.edu.au/portal/tool/138a11eb-bcee-4b13-b6c5-d7bf206980ea?panel=Main; and that renders the tool. Using the padlock in the bottom right of Firefox, and analysing the Media, gives all images that are loaded on the page, and all of those that come from this app are http only, the rest that come from the portal container are https as normal. Changing the address to http and refreshing makes the portal container urls change to http as expected. thanks, Steve On 11/02/2010, at 1:45 PM, Jeremy Thomerson wrote: Well, can you paste the actual html that is generated that links to your stylesheet on the https page? Because what you pasted earlier was a relative URL, which would mean that the browser would make it https as well. So, they're some piece of the puzzle we haven't received yet. Perhaps you could browse to the https page, view source, copy the whole source into pastebin and send it? Are you using iframes or anything? -- Jeremy Thomerson http://www.wickettraining.com On Wed, Feb 10, 2010 at 8:29 PM, Steve Swinsburg steve.swinsb...@gmail.comwrote: Edit: ... thats how I can confirm it was broken, because when I change it to http it works. On 11/02/2010, at 1:26 PM, Steve Swinsburg wrote: Yes. And thats how I can confirm it breaks when I change the address to just http. Both http and https work on this particular site which makes it easy for testing. The address is https and then it renders the content in an iframe with source attribute that is also https (I'm working in a portal framework). On 11/02/2010, at 1:00 PM, Andrew Lombardi wrote: and the URL for your page in the Location bar *is* https? On Feb 10, 2010, at 5:55 PM, Steve Swinsburg wrote: What I meant to say was that the ContextImage and CSS looks fine, however the actual URLs it renders are all HTTP, not HTTPS when they should be. The first resource link is clearly broken. cheers, Steve On 11/02/2010, at 12:13 PM, Steve Swinsburg wrote: Hi Jeremy, For resources its rendered as http://myserver/webapp/context/resources/org.apache.wicket.ajax.AbstractDefaultBehaviour/indicator.gif For a ContextImage its: img src=images/no_image.gif/ For the CSS include its: link rel=stylesheet type=text/css href=css/styles.css / It all looks fine except the styles.css that has the classes are sending the images over HTTP, and they declare like: .someClass { background-image: url(/library/image/silk/icon.png); } cheers, Steve On 11/02/2010, at 11:53 AM, Jeremy Thomerson wrote: What URL does Wicket generate in your HTML? -- Jeremy Thomerson http://www.wickettraining.com On Wed, Feb 10, 2010 at 6:46 PM, Steve Swinsburg steve.swinsb...@gmail.comwrote: Note that this also happens for resources that Wicket serves, eg: resources/org.apache.wicket.ajax.AbstractDefaultBehaviour/indicator.gif and ContextImages. Can I detect HTTPS and force Wicket to serve content over HTTPS? thanks, Steve On 11/02/2010, at 11:14 AM, Steve Swinsburg wrote: The request for the CSS is a renderCssReference call: response.renderCSSReference(css/styles.css); So it should be relative to what ever protocol is being used? On 11/02/2010, at 10:58 AM, jason lea wrote: The background image url is relative to the css file. Is the request for the css file https? On Thu, Feb 11, 2010 at 12:35 PM, Steve Swinsburg steve.swinsb...@gmail.com wrote: Hi all, I have a Wicket application that is running over HTTPS but is rendering some images (like background images from css) over HTTP only. This causes the 'This page contains unsecure items' type warning and inspecting the Page Info from Firefox shows they are indeed being served over HTTP only. Luckily I can switch this particular site to be just HTTP and as soon as I do that, the issues go away (obviously since its all just HTTP now). However I cannot just run the entire app over HTTPS only, as this application is deployed in many different contexts by many different institutions and they may be running it over HTTP only. So can I force Wicket to render everything via HTTPS if its running over HTTPS and just normal HTTP if its running as such? Note that I have things like: .someClass { background-image: url(/library/image/silk/icon.png); } so I can't just prefix all URL links since most of them come from the CSS. thanks, Steve -- Jason Lea To our success! Mystic Coders, LLC |
Re: wicket app over https but renders some images as http
Exactly. So why are they coming up as HTTP when both the URL and iframe src are both HTTPS. All resources that Wicket sends from this application are coming up as HTTP. So I am thinking it still thinks its on HTTP, not HTTPS. I'll add some logging to the Application init() to figure out if Wicket thinks its on HTTP or HTTPS. Could be the iframe? thanks, Steve On 11/02/2010, at 2:48 PM, Igor Vaynberg wrote: your paste does not contain any absolute urls, only relative ones... -igor On Wed, Feb 10, 2010 at 7:15 PM, Steve Swinsburg steve.swinsb...@gmail.com wrote: Yes, the app is rendered in an iframe as my app is deployed into a portal container. I pasted that HTML from the iframe source, but here is the whole lot: http://pastie.org/819416 Line 21 has the import for the css. Line 55 is a ContextImage The iframe source is: src=https://myserver.edu.au/portal/tool/138a11eb-bcee-4b13-b6c5-d7bf206980ea?panel=Main; and that renders the tool. Using the padlock in the bottom right of Firefox, and analysing the Media, gives all images that are loaded on the page, and all of those that come from this app are http only, the rest that come from the portal container are https as normal. Changing the address to http and refreshing makes the portal container urls change to http as expected. thanks, Steve On 11/02/2010, at 1:45 PM, Jeremy Thomerson wrote: Well, can you paste the actual html that is generated that links to your stylesheet on the https page? Because what you pasted earlier was a relative URL, which would mean that the browser would make it https as well. So, they're some piece of the puzzle we haven't received yet. Perhaps you could browse to the https page, view source, copy the whole source into pastebin and send it? Are you using iframes or anything? -- Jeremy Thomerson http://www.wickettraining.com On Wed, Feb 10, 2010 at 8:29 PM, Steve Swinsburg steve.swinsb...@gmail.comwrote: Edit: ... thats how I can confirm it was broken, because when I change it to http it works. On 11/02/2010, at 1:26 PM, Steve Swinsburg wrote: Yes. And thats how I can confirm it breaks when I change the address to just http. Both http and https work on this particular site which makes it easy for testing. The address is https and then it renders the content in an iframe with source attribute that is also https (I'm working in a portal framework). On 11/02/2010, at 1:00 PM, Andrew Lombardi wrote: and the URL for your page in the Location bar *is* https? On Feb 10, 2010, at 5:55 PM, Steve Swinsburg wrote: What I meant to say was that the ContextImage and CSS looks fine, however the actual URLs it renders are all HTTP, not HTTPS when they should be. The first resource link is clearly broken. cheers, Steve On 11/02/2010, at 12:13 PM, Steve Swinsburg wrote: Hi Jeremy, For resources its rendered as http://myserver/webapp/context/resources/org.apache.wicket.ajax.AbstractDefaultBehaviour/indicator.gif For a ContextImage its: img src=images/no_image.gif/ For the CSS include its: link rel=stylesheet type=text/css href=css/styles.css / It all looks fine except the styles.css that has the classes are sending the images over HTTP, and they declare like: .someClass { background-image: url(/library/image/silk/icon.png); } cheers, Steve On 11/02/2010, at 11:53 AM, Jeremy Thomerson wrote: What URL does Wicket generate in your HTML? -- Jeremy Thomerson http://www.wickettraining.com On Wed, Feb 10, 2010 at 6:46 PM, Steve Swinsburg steve.swinsb...@gmail.comwrote: Note that this also happens for resources that Wicket serves, eg: resources/org.apache.wicket.ajax.AbstractDefaultBehaviour/indicator.gif and ContextImages. Can I detect HTTPS and force Wicket to serve content over HTTPS? thanks, Steve On 11/02/2010, at 11:14 AM, Steve Swinsburg wrote: The request for the CSS is a renderCssReference call: response.renderCSSReference(css/styles.css); So it should be relative to what ever protocol is being used? On 11/02/2010, at 10:58 AM, jason lea wrote: The background image url is relative to the css file. Is the request for the css file https? On Thu, Feb 11, 2010 at 12:35 PM, Steve Swinsburg steve.swinsb...@gmail.com wrote: Hi all, I have a Wicket application that is running over HTTPS but is rendering some images (like background images from css) over HTTP only. This causes the 'This page contains unsecure items' type warning and inspecting the Page Info from Firefox shows they are indeed being served over HTTP only. Luckily I can switch this particular site to be just HTTP and as soon as I do that, the issues go away (obviously since its all just HTTP now). However I cannot just run the entire app over HTTPS only, as this
Re: wicket app over https but renders some images as http
What I've suspected all along is that your main page MAY be loaded https, but that your iframe src is actually ending up http. do this (in firefox): pull up the app in https, right click in the iframe, click this frame, click show only this frame. is the url that appears with the iframe content https? -- Jeremy Thomerson http://www.wickettraining.com On Wed, Feb 10, 2010 at 9:57 PM, Steve Swinsburg steve.swinsb...@gmail.comwrote: Exactly. So why are they coming up as HTTP when both the URL and iframe src are both HTTPS. All resources that Wicket sends from this application are coming up as HTTP. So I am thinking it still thinks its on HTTP, not HTTPS. I'll add some logging to the Application init() to figure out if Wicket thinks its on HTTP or HTTPS. Could be the iframe? thanks, Steve On 11/02/2010, at 2:48 PM, Igor Vaynberg wrote: your paste does not contain any absolute urls, only relative ones... -igor On Wed, Feb 10, 2010 at 7:15 PM, Steve Swinsburg steve.swinsb...@gmail.com wrote: Yes, the app is rendered in an iframe as my app is deployed into a portal container. I pasted that HTML from the iframe source, but here is the whole lot: http://pastie.org/819416 Line 21 has the import for the css. Line 55 is a ContextImage The iframe source is: src= https://myserver.edu.au/portal/tool/138a11eb-bcee-4b13-b6c5-d7bf206980ea?panel=Main and that renders the tool. Using the padlock in the bottom right of Firefox, and analysing the Media, gives all images that are loaded on the page, and all of those that come from this app are http only, the rest that come from the portal container are https as normal. Changing the address to http and refreshing makes the portal container urls change to http as expected. thanks, Steve On 11/02/2010, at 1:45 PM, Jeremy Thomerson wrote: Well, can you paste the actual html that is generated that links to your stylesheet on the https page? Because what you pasted earlier was a relative URL, which would mean that the browser would make it https as well. So, they're some piece of the puzzle we haven't received yet. Perhaps you could browse to the https page, view source, copy the whole source into pastebin and send it? Are you using iframes or anything? -- Jeremy Thomerson http://www.wickettraining.com On Wed, Feb 10, 2010 at 8:29 PM, Steve Swinsburg steve.swinsb...@gmail.comwrote: Edit: ... thats how I can confirm it was broken, because when I change it to http it works. On 11/02/2010, at 1:26 PM, Steve Swinsburg wrote: Yes. And thats how I can confirm it breaks when I change the address to just http. Both http and https work on this particular site which makes it easy for testing. The address is https and then it renders the content in an iframe with source attribute that is also https (I'm working in a portal framework). On 11/02/2010, at 1:00 PM, Andrew Lombardi wrote: and the URL for your page in the Location bar *is* https? On Feb 10, 2010, at 5:55 PM, Steve Swinsburg wrote: What I meant to say was that the ContextImage and CSS looks fine, however the actual URLs it renders are all HTTP, not HTTPS when they should be. The first resource link is clearly broken. cheers, Steve On 11/02/2010, at 12:13 PM, Steve Swinsburg wrote: Hi Jeremy, For resources its rendered as http://myserver/webapp/context/resources/org.apache.wicket.ajax.AbstractDefaultBehaviour/indicator.gif For a ContextImage its: img src=images/no_image.gif/ For the CSS include its: link rel=stylesheet type=text/css href=css/styles.css / It all looks fine except the styles.css that has the classes are sending the images over HTTP, and they declare like: .someClass { background-image: url(/library/image/silk/icon.png); } cheers, Steve On 11/02/2010, at 11:53 AM, Jeremy Thomerson wrote: What URL does Wicket generate in your HTML? -- Jeremy Thomerson http://www.wickettraining.com On Wed, Feb 10, 2010 at 6:46 PM, Steve Swinsburg steve.swinsb...@gmail.comwrote: Note that this also happens for resources that Wicket serves, eg: resources/org.apache.wicket.ajax.AbstractDefaultBehaviour/indicator.gif and ContextImages. Can I detect HTTPS and force Wicket to serve content over HTTPS? thanks, Steve On 11/02/2010, at 11:14 AM, Steve Swinsburg wrote: The request for the CSS is a renderCssReference call: response.renderCSSReference(css/styles.css); So it should be relative to what ever protocol is being used? On 11/02/2010, at 10:58 AM, jason lea wrote: The background image url is relative to the css file. Is the request for the css file https? On Thu, Feb 11, 2010 at 12:35 PM, Steve Swinsburg steve.swinsb...@gmail.com wrote: Hi all, I
Re: wicket app over https but renders some images as http
Ok I did that, the Wicket app comes up as as HTTP, however if I do the same thing to any that renders in the same style of iframe, it's HTTPS. these tools are other display technologies, like JSF, Velocity, etc. Here's the first Wicket app: http://server.edu.au/portal/tool/138a11eb-bcee-4b13-b6c5-d7bf206980ea/?panel=Main Here's a Velocity app in in the same page: https://server.edu.au/portal/tool/f85ba967-614f-4d5d-81cc-1d931f660b93?panel=Main The URL of the entire site is: https://server.edu.au/portal/site/test123/page/3881df23-3931-4928-9d36-702629927ba0 I have another Wicket app that another developer wrote, same thing, HTTP only. So it's only Wicket tools that are doing this. thanks, Steve On 11/02/2010, at 3:22 PM, Jeremy Thomerson wrote: What I've suspected all along is that your main page MAY be loaded https, but that your iframe src is actually ending up http. do this (in firefox): pull up the app in https, right click in the iframe, click this frame, click show only this frame. is the url that appears with the iframe content https? -- Jeremy Thomerson http://www.wickettraining.com On Wed, Feb 10, 2010 at 9:57 PM, Steve Swinsburg steve.swinsb...@gmail.comwrote: Exactly. So why are they coming up as HTTP when both the URL and iframe src are both HTTPS. All resources that Wicket sends from this application are coming up as HTTP. So I am thinking it still thinks its on HTTP, not HTTPS. I'll add some logging to the Application init() to figure out if Wicket thinks its on HTTP or HTTPS. Could be the iframe? thanks, Steve On 11/02/2010, at 2:48 PM, Igor Vaynberg wrote: your paste does not contain any absolute urls, only relative ones... -igor On Wed, Feb 10, 2010 at 7:15 PM, Steve Swinsburg steve.swinsb...@gmail.com wrote: Yes, the app is rendered in an iframe as my app is deployed into a portal container. I pasted that HTML from the iframe source, but here is the whole lot: http://pastie.org/819416 Line 21 has the import for the css. Line 55 is a ContextImage The iframe source is: src= https://myserver.edu.au/portal/tool/138a11eb-bcee-4b13-b6c5-d7bf206980ea?panel=Main and that renders the tool. Using the padlock in the bottom right of Firefox, and analysing the Media, gives all images that are loaded on the page, and all of those that come from this app are http only, the rest that come from the portal container are https as normal. Changing the address to http and refreshing makes the portal container urls change to http as expected. thanks, Steve On 11/02/2010, at 1:45 PM, Jeremy Thomerson wrote: Well, can you paste the actual html that is generated that links to your stylesheet on the https page? Because what you pasted earlier was a relative URL, which would mean that the browser would make it https as well. So, they're some piece of the puzzle we haven't received yet. Perhaps you could browse to the https page, view source, copy the whole source into pastebin and send it? Are you using iframes or anything? -- Jeremy Thomerson http://www.wickettraining.com On Wed, Feb 10, 2010 at 8:29 PM, Steve Swinsburg steve.swinsb...@gmail.comwrote: Edit: ... thats how I can confirm it was broken, because when I change it to http it works. On 11/02/2010, at 1:26 PM, Steve Swinsburg wrote: Yes. And thats how I can confirm it breaks when I change the address to just http. Both http and https work on this particular site which makes it easy for testing. The address is https and then it renders the content in an iframe with source attribute that is also https (I'm working in a portal framework). On 11/02/2010, at 1:00 PM, Andrew Lombardi wrote: and the URL for your page in the Location bar *is* https? On Feb 10, 2010, at 5:55 PM, Steve Swinsburg wrote: What I meant to say was that the ContextImage and CSS looks fine, however the actual URLs it renders are all HTTP, not HTTPS when they should be. The first resource link is clearly broken. cheers, Steve On 11/02/2010, at 12:13 PM, Steve Swinsburg wrote: Hi Jeremy, For resources its rendered as http://myserver/webapp/context/resources/org.apache.wicket.ajax.AbstractDefaultBehaviour/indicator.gif For a ContextImage its: img src=images/no_image.gif/ For the CSS include its: link rel=stylesheet type=text/css href=css/styles.css / It all looks fine except the styles.css that has the classes are sending the images over HTTP, and they declare like: .someClass { background-image: url(/library/image/silk/icon.png); } cheers, Steve On 11/02/2010, at 11:53 AM, Jeremy Thomerson wrote: What URL does Wicket generate in your HTML? -- Jeremy Thomerson http://www.wickettraining.com On Wed, Feb 10, 2010 at 6:46 PM, Steve Swinsburg steve.swinsb...@gmail.comwrote: Note that this also happens for resources that Wicket
Re: wicket app over https but renders some images as http
what's the code you're using to render the link for the iframe in wicket? have you pasted that yet? On Feb 10, 2010, at 8:32 PM, Steve Swinsburg wrote: Ok I did that, the Wicket app comes up as as HTTP, however if I do the same thing to any that renders in the same style of iframe, it's HTTPS. these tools are other display technologies, like JSF, Velocity, etc. Here's the first Wicket app: http://server.edu.au/portal/tool/138a11eb-bcee-4b13-b6c5-d7bf206980ea/?panel=Main Here's a Velocity app in in the same page: https://server.edu.au/portal/tool/f85ba967-614f-4d5d-81cc-1d931f660b93?panel=Main The URL of the entire site is: https://server.edu.au/portal/site/test123/page/3881df23-3931-4928-9d36-702629927ba0 I have another Wicket app that another developer wrote, same thing, HTTP only. So it's only Wicket tools that are doing this. thanks, Steve On 11/02/2010, at 3:22 PM, Jeremy Thomerson wrote: What I've suspected all along is that your main page MAY be loaded https, but that your iframe src is actually ending up http. do this (in firefox): pull up the app in https, right click in the iframe, click this frame, click show only this frame. is the url that appears with the iframe content https? -- Jeremy Thomerson http://www.wickettraining.com On Wed, Feb 10, 2010 at 9:57 PM, Steve Swinsburg steve.swinsb...@gmail.comwrote: Exactly. So why are they coming up as HTTP when both the URL and iframe src are both HTTPS. All resources that Wicket sends from this application are coming up as HTTP. So I am thinking it still thinks its on HTTP, not HTTPS. I'll add some logging to the Application init() to figure out if Wicket thinks its on HTTP or HTTPS. Could be the iframe? thanks, Steve On 11/02/2010, at 2:48 PM, Igor Vaynberg wrote: your paste does not contain any absolute urls, only relative ones... -igor On Wed, Feb 10, 2010 at 7:15 PM, Steve Swinsburg steve.swinsb...@gmail.com wrote: Yes, the app is rendered in an iframe as my app is deployed into a portal container. I pasted that HTML from the iframe source, but here is the whole lot: http://pastie.org/819416 Line 21 has the import for the css. Line 55 is a ContextImage The iframe source is: src= https://myserver.edu.au/portal/tool/138a11eb-bcee-4b13-b6c5-d7bf206980ea?panel=Main and that renders the tool. Using the padlock in the bottom right of Firefox, and analysing the Media, gives all images that are loaded on the page, and all of those that come from this app are http only, the rest that come from the portal container are https as normal. Changing the address to http and refreshing makes the portal container urls change to http as expected. thanks, Steve On 11/02/2010, at 1:45 PM, Jeremy Thomerson wrote: Well, can you paste the actual html that is generated that links to your stylesheet on the https page? Because what you pasted earlier was a relative URL, which would mean that the browser would make it https as well. So, they're some piece of the puzzle we haven't received yet. Perhaps you could browse to the https page, view source, copy the whole source into pastebin and send it? Are you using iframes or anything? -- Jeremy Thomerson http://www.wickettraining.com On Wed, Feb 10, 2010 at 8:29 PM, Steve Swinsburg steve.swinsb...@gmail.comwrote: Edit: ... thats how I can confirm it was broken, because when I change it to http it works. On 11/02/2010, at 1:26 PM, Steve Swinsburg wrote: Yes. And thats how I can confirm it breaks when I change the address to just http. Both http and https work on this particular site which makes it easy for testing. The address is https and then it renders the content in an iframe with source attribute that is also https (I'm working in a portal framework). On 11/02/2010, at 1:00 PM, Andrew Lombardi wrote: and the URL for your page in the Location bar *is* https? On Feb 10, 2010, at 5:55 PM, Steve Swinsburg wrote: What I meant to say was that the ContextImage and CSS looks fine, however the actual URLs it renders are all HTTP, not HTTPS when they should be. The first resource link is clearly broken. cheers, Steve On 11/02/2010, at 12:13 PM, Steve Swinsburg wrote: Hi Jeremy, For resources its rendered as http://myserver/webapp/context/resources/org.apache.wicket.ajax.AbstractDefaultBehaviour/indicator.gif For a ContextImage its: img src=images/no_image.gif/ For the CSS include its: link rel=stylesheet type=text/css href=css/styles.css / It all looks fine except the styles.css that has the classes are sending the images over HTTP, and they declare like: .someClass { background-image: url(/library/image/silk/icon.png); } cheers, Steve On 11/02/2010, at 11:53 AM, Jeremy Thomerson wrote: What URL does Wicket generate in your HTML? -- Jeremy Thomerson
Re: wicket app over https but renders some images as http
okay, so now at least we know what's causing it. the frame is redirected to http. now, we have to determine what's making your wicket request redirect to http. you might supply a couple things: - your web.xml for the wicket app - any customized code you have in the request cycle processor - an idea of what kind of app - i.e. are you inheriting from a non-standard application class (say, spring*application, brix*application, etc...) that might be controlling the request cycle? -- Jeremy Thomerson http://www.wickettraining.com On Wed, Feb 10, 2010 at 10:49 PM, Steve Swinsburg steve.swinsb...@gmail.com wrote: It's done by the portal, but it renders an iframe of source: src= https://myserver.edu.au/portal/tool/138a11eb-bcee-4b13-b6c5-d7bf206980ea Which is the direct link to the tool instance. So it appears to be HTTPS, but then reverts to HTTP for some reason. If I go to that URL in my browser, with HTTPS intact, it will revert to HTTP in front of me. If I grab the iframe source for another tool, say a Velocity based tool, the url is similar, still HTTPS, and stays HTTPS when viewing it. thanks, Steve On 11/02/2010, at 3:36 PM, Andrew Lombardi wrote: what's the code you're using to render the link for the iframe in wicket? have you pasted that yet? On Feb 10, 2010, at 8:32 PM, Steve Swinsburg wrote: Ok I did that, the Wicket app comes up as as HTTP, however if I do the same thing to any that renders in the same style of iframe, it's HTTPS. these tools are other display technologies, like JSF, Velocity, etc. Here's the first Wicket app: http://server.edu.au/portal/tool/138a11eb-bcee-4b13-b6c5-d7bf206980ea/?panel=Main Here's a Velocity app in in the same page: https://server.edu.au/portal/tool/f85ba967-614f-4d5d-81cc-1d931f660b93?panel=Main The URL of the entire site is: https://server.edu.au/portal/site/test123/page/3881df23-3931-4928-9d36-702629927ba0 I have another Wicket app that another developer wrote, same thing, HTTP only. So it's only Wicket tools that are doing this. thanks, Steve On 11/02/2010, at 3:22 PM, Jeremy Thomerson wrote: What I've suspected all along is that your main page MAY be loaded https, but that your iframe src is actually ending up http. do this (in firefox): pull up the app in https, right click in the iframe, click this frame, click show only this frame. is the url that appears with the iframe content https? -- Jeremy Thomerson http://www.wickettraining.com On Wed, Feb 10, 2010 at 9:57 PM, Steve Swinsburg steve.swinsb...@gmail.comwrote: Exactly. So why are they coming up as HTTP when both the URL and iframe src are both HTTPS. All resources that Wicket sends from this application are coming up as HTTP. So I am thinking it still thinks its on HTTP, not HTTPS. I'll add some logging to the Application init() to figure out if Wicket thinks its on HTTP or HTTPS. Could be the iframe? thanks, Steve On 11/02/2010, at 2:48 PM, Igor Vaynberg wrote: your paste does not contain any absolute urls, only relative ones... -igor On Wed, Feb 10, 2010 at 7:15 PM, Steve Swinsburg steve.swinsb...@gmail.com wrote: Yes, the app is rendered in an iframe as my app is deployed into a portal container. I pasted that HTML from the iframe source, but here is the whole lot: http://pastie.org/819416 Line 21 has the import for the css. Line 55 is a ContextImage The iframe source is: src= https://myserver.edu.au/portal/tool/138a11eb-bcee-4b13-b6c5-d7bf206980ea?panel=Main and that renders the tool. Using the padlock in the bottom right of Firefox, and analysing the Media, gives all images that are loaded on the page, and all of those that come from this app are http only, the rest that come from the portal container are https as normal. Changing the address to http and refreshing makes the portal container urls change to http as expected. thanks, Steve On 11/02/2010, at 1:45 PM, Jeremy Thomerson wrote: Well, can you paste the actual html that is generated that links to your stylesheet on the https page? Because what you pasted earlier was a relative URL, which would mean that the browser would make it https as well. So, they're some piece of the puzzle we haven't received yet. Perhaps you could browse to the https page, view source, copy the whole source into pastebin and send it? Are you using iframes or anything? -- Jeremy Thomerson http://www.wickettraining.com On Wed, Feb 10, 2010 at 8:29 PM, Steve Swinsburg steve.swinsb...@gmail.comwrote: Edit: ... thats how I can confirm it was broken, because when I change it to http it works. On 11/02/2010, at 1:26 PM, Steve Swinsburg wrote: Yes. And thats how I can confirm it breaks when I change the address to just http. Both http and https work on this particular site which makes it easy for testing. The address is https and then
Re: wicket app over https but renders some images as http
Ok the web.xml http://pastie.org/819535 Note that requests ARE filtered through the portal's request filter, however one would assume that if it's going to change HTTPS to HTTP, it would do so for ALL tools, not just Wicket ones. The rest is all standard stuff extending WebApplication and the Application.init() is pretty much empty except for things like setting the expired page, stripping the Wicket tags, etc etc, a couple of snippets on how it gets from the Application to the first page: http://pastie.org/819541 And the BasePage: http://pastie.org/819544 thanks, Steve On 11/02/2010, at 3:57 PM, Jeremy Thomerson wrote: okay, so now at least we know what's causing it. the frame is redirected to http. now, we have to determine what's making your wicket request redirect to http. you might supply a couple things: - your web.xml for the wicket app - any customized code you have in the request cycle processor - an idea of what kind of app - i.e. are you inheriting from a non-standard application class (say, spring*application, brix*application, etc...) that might be controlling the request cycle? -- Jeremy Thomerson http://www.wickettraining.com On Wed, Feb 10, 2010 at 10:49 PM, Steve Swinsburg steve.swinsb...@gmail.com wrote: It's done by the portal, but it renders an iframe of source: src= https://myserver.edu.au/portal/tool/138a11eb-bcee-4b13-b6c5-d7bf206980ea Which is the direct link to the tool instance. So it appears to be HTTPS, but then reverts to HTTP for some reason. If I go to that URL in my browser, with HTTPS intact, it will revert to HTTP in front of me. If I grab the iframe source for another tool, say a Velocity based tool, the url is similar, still HTTPS, and stays HTTPS when viewing it. thanks, Steve On 11/02/2010, at 3:36 PM, Andrew Lombardi wrote: what's the code you're using to render the link for the iframe in wicket? have you pasted that yet? On Feb 10, 2010, at 8:32 PM, Steve Swinsburg wrote: Ok I did that, the Wicket app comes up as as HTTP, however if I do the same thing to any that renders in the same style of iframe, it's HTTPS. these tools are other display technologies, like JSF, Velocity, etc. Here's the first Wicket app: http://server.edu.au/portal/tool/138a11eb-bcee-4b13-b6c5-d7bf206980ea/?panel=Main Here's a Velocity app in in the same page: https://server.edu.au/portal/tool/f85ba967-614f-4d5d-81cc-1d931f660b93?panel=Main The URL of the entire site is: https://server.edu.au/portal/site/test123/page/3881df23-3931-4928-9d36-702629927ba0 I have another Wicket app that another developer wrote, same thing, HTTP only. So it's only Wicket tools that are doing this. thanks, Steve On 11/02/2010, at 3:22 PM, Jeremy Thomerson wrote: What I've suspected all along is that your main page MAY be loaded https, but that your iframe src is actually ending up http. do this (in firefox): pull up the app in https, right click in the iframe, click this frame, click show only this frame. is the url that appears with the iframe content https? -- Jeremy Thomerson http://www.wickettraining.com On Wed, Feb 10, 2010 at 9:57 PM, Steve Swinsburg steve.swinsb...@gmail.comwrote: Exactly. So why are they coming up as HTTP when both the URL and iframe src are both HTTPS. All resources that Wicket sends from this application are coming up as HTTP. So I am thinking it still thinks its on HTTP, not HTTPS. I'll add some logging to the Application init() to figure out if Wicket thinks its on HTTP or HTTPS. Could be the iframe? thanks, Steve On 11/02/2010, at 2:48 PM, Igor Vaynberg wrote: your paste does not contain any absolute urls, only relative ones... -igor On Wed, Feb 10, 2010 at 7:15 PM, Steve Swinsburg steve.swinsb...@gmail.com wrote: Yes, the app is rendered in an iframe as my app is deployed into a portal container. I pasted that HTML from the iframe source, but here is the whole lot: http://pastie.org/819416 Line 21 has the import for the css. Line 55 is a ContextImage The iframe source is: src= https://myserver.edu.au/portal/tool/138a11eb-bcee-4b13-b6c5-d7bf206980ea?panel=Main and that renders the tool. Using the padlock in the bottom right of Firefox, and analysing the Media, gives all images that are loaded on the page, and all of those that come from this app are http only, the rest that come from the portal container are https as normal. Changing the address to http and refreshing makes the portal container urls change to http as expected. thanks, Steve On 11/02/2010, at 1:45 PM, Jeremy Thomerson wrote: Well, can you paste the actual html that is generated that links to your stylesheet on the https page? Because what you pasted earlier was a relative URL, which would mean that
Re: wicket app over https but renders some images as http
it may be that this servlet filter is rewriting any redirects. by default wicket uses redirect to buffer pattern, i doubt velocity or your other tools are doing something similar. try changing the rendering pattern in wicket to direct_to_render and see if that helps. -igor On Wed, Feb 10, 2010 at 8:49 PM, Steve Swinsburg steve.swinsb...@gmail.com wrote: It's done by the portal, but it renders an iframe of source: src= https://myserver.edu.au/portal/tool/138a11eb-bcee-4b13-b6c5-d7bf206980ea Which is the direct link to the tool instance. So it appears to be HTTPS, but then reverts to HTTP for some reason. If I go to that URL in my browser, with HTTPS intact, it will revert to HTTP in front of me. If I grab the iframe source for another tool, say a Velocity based tool, the url is similar, still HTTPS, and stays HTTPS when viewing it. thanks, Steve On 11/02/2010, at 3:36 PM, Andrew Lombardi wrote: what's the code you're using to render the link for the iframe in wicket? have you pasted that yet? On Feb 10, 2010, at 8:32 PM, Steve Swinsburg wrote: Ok I did that, the Wicket app comes up as as HTTP, however if I do the same thing to any that renders in the same style of iframe, it's HTTPS. these tools are other display technologies, like JSF, Velocity, etc. Here's the first Wicket app: http://server.edu.au/portal/tool/138a11eb-bcee-4b13-b6c5-d7bf206980ea/?panel=Main Here's a Velocity app in in the same page: https://server.edu.au/portal/tool/f85ba967-614f-4d5d-81cc-1d931f660b93?panel=Main The URL of the entire site is: https://server.edu.au/portal/site/test123/page/3881df23-3931-4928-9d36-702629927ba0 I have another Wicket app that another developer wrote, same thing, HTTP only. So it's only Wicket tools that are doing this. thanks, Steve On 11/02/2010, at 3:22 PM, Jeremy Thomerson wrote: What I've suspected all along is that your main page MAY be loaded https, but that your iframe src is actually ending up http. do this (in firefox): pull up the app in https, right click in the iframe, click this frame, click show only this frame. is the url that appears with the iframe content https? -- Jeremy Thomerson http://www.wickettraining.com On Wed, Feb 10, 2010 at 9:57 PM, Steve Swinsburg steve.swinsb...@gmail.comwrote: Exactly. So why are they coming up as HTTP when both the URL and iframe src are both HTTPS. All resources that Wicket sends from this application are coming up as HTTP. So I am thinking it still thinks its on HTTP, not HTTPS. I'll add some logging to the Application init() to figure out if Wicket thinks its on HTTP or HTTPS. Could be the iframe? thanks, Steve On 11/02/2010, at 2:48 PM, Igor Vaynberg wrote: your paste does not contain any absolute urls, only relative ones... -igor On Wed, Feb 10, 2010 at 7:15 PM, Steve Swinsburg steve.swinsb...@gmail.com wrote: Yes, the app is rendered in an iframe as my app is deployed into a portal container. I pasted that HTML from the iframe source, but here is the whole lot: http://pastie.org/819416 Line 21 has the import for the css. Line 55 is a ContextImage The iframe source is: src= https://myserver.edu.au/portal/tool/138a11eb-bcee-4b13-b6c5-d7bf206980ea?panel=Main and that renders the tool. Using the padlock in the bottom right of Firefox, and analysing the Media, gives all images that are loaded on the page, and all of those that come from this app are http only, the rest that come from the portal container are https as normal. Changing the address to http and refreshing makes the portal container urls change to http as expected. thanks, Steve On 11/02/2010, at 1:45 PM, Jeremy Thomerson wrote: Well, can you paste the actual html that is generated that links to your stylesheet on the https page? Because what you pasted earlier was a relative URL, which would mean that the browser would make it https as well. So, they're some piece of the puzzle we haven't received yet. Perhaps you could browse to the https page, view source, copy the whole source into pastebin and send it? Are you using iframes or anything? -- Jeremy Thomerson http://www.wickettraining.com On Wed, Feb 10, 2010 at 8:29 PM, Steve Swinsburg steve.swinsb...@gmail.comwrote: Edit: ... thats how I can confirm it was broken, because when I change it to http it works. On 11/02/2010, at 1:26 PM, Steve Swinsburg wrote: Yes. And thats how I can confirm it breaks when I change the address to just http. Both http and https work on this particular site which makes it easy for testing. The address is https and then it renders the content in an iframe with source attribute that is also https (I'm working in a portal framework). On 11/02/2010, at 1:00 PM, Andrew Lombardi wrote: and the URL for your page in the Location bar *is* https? On Feb 10, 2010, at 5:55 PM, Steve Swinsburg wrote: What I meant to
Re: wicket app over https but renders some images as http
The interesting thing is that I am unable to reproduce this locally, the iframe is served over HTTPS in my local instance but broken in production. So I'm starting to think it's a Tomcat config issue. I've sent a note out to the sysadmin to check the Tomcat connector settings. One thing is that the prod instance is using Apache in front of Tomcat, but I am just using an SSL enabled Tomcat. I'mm bring up an Apache instance and see if I can break it. Igor how do I change the rendering pattern? I will try that locally. thanks. Steve On 11/02/2010, at 6:11 PM, Igor Vaynberg wrote: it may be that this servlet filter is rewriting any redirects. by default wicket uses redirect to buffer pattern, i doubt velocity or your other tools are doing something similar. try changing the rendering pattern in wicket to direct_to_render and see if that helps. -igor On Wed, Feb 10, 2010 at 8:49 PM, Steve Swinsburg steve.swinsb...@gmail.com wrote: It's done by the portal, but it renders an iframe of source: src= https://myserver.edu.au/portal/tool/138a11eb-bcee-4b13-b6c5-d7bf206980ea Which is the direct link to the tool instance. So it appears to be HTTPS, but then reverts to HTTP for some reason. If I go to that URL in my browser, with HTTPS intact, it will revert to HTTP in front of me. If I grab the iframe source for another tool, say a Velocity based tool, the url is similar, still HTTPS, and stays HTTPS when viewing it. thanks, Steve On 11/02/2010, at 3:36 PM, Andrew Lombardi wrote: what's the code you're using to render the link for the iframe in wicket? have you pasted that yet? On Feb 10, 2010, at 8:32 PM, Steve Swinsburg wrote: Ok I did that, the Wicket app comes up as as HTTP, however if I do the same thing to any that renders in the same style of iframe, it's HTTPS. these tools are other display technologies, like JSF, Velocity, etc. Here's the first Wicket app: http://server.edu.au/portal/tool/138a11eb-bcee-4b13-b6c5-d7bf206980ea/?panel=Main Here's a Velocity app in in the same page: https://server.edu.au/portal/tool/f85ba967-614f-4d5d-81cc-1d931f660b93?panel=Main The URL of the entire site is: https://server.edu.au/portal/site/test123/page/3881df23-3931-4928-9d36-702629927ba0 I have another Wicket app that another developer wrote, same thing, HTTP only. So it's only Wicket tools that are doing this. thanks, Steve On 11/02/2010, at 3:22 PM, Jeremy Thomerson wrote: What I've suspected all along is that your main page MAY be loaded https, but that your iframe src is actually ending up http. do this (in firefox): pull up the app in https, right click in the iframe, click this frame, click show only this frame. is the url that appears with the iframe content https? -- Jeremy Thomerson http://www.wickettraining.com On Wed, Feb 10, 2010 at 9:57 PM, Steve Swinsburg steve.swinsb...@gmail.comwrote: Exactly. So why are they coming up as HTTP when both the URL and iframe src are both HTTPS. All resources that Wicket sends from this application are coming up as HTTP. So I am thinking it still thinks its on HTTP, not HTTPS. I'll add some logging to the Application init() to figure out if Wicket thinks its on HTTP or HTTPS. Could be the iframe? thanks, Steve On 11/02/2010, at 2:48 PM, Igor Vaynberg wrote: your paste does not contain any absolute urls, only relative ones... -igor On Wed, Feb 10, 2010 at 7:15 PM, Steve Swinsburg steve.swinsb...@gmail.com wrote: Yes, the app is rendered in an iframe as my app is deployed into a portal container. I pasted that HTML from the iframe source, but here is the whole lot: http://pastie.org/819416 Line 21 has the import for the css. Line 55 is a ContextImage The iframe source is: src= https://myserver.edu.au/portal/tool/138a11eb-bcee-4b13-b6c5-d7bf206980ea?panel=Main and that renders the tool. Using the padlock in the bottom right of Firefox, and analysing the Media, gives all images that are loaded on the page, and all of those that come from this app are http only, the rest that come from the portal container are https as normal. Changing the address to http and refreshing makes the portal container urls change to http as expected. thanks, Steve On 11/02/2010, at 1:45 PM, Jeremy Thomerson wrote: Well, can you paste the actual html that is generated that links to your stylesheet on the https page? Because what you pasted earlier was a relative URL, which would mean that the browser would make it https as well. So, they're some piece of the puzzle we haven't received yet. Perhaps you could browse to the https page, view source, copy the whole source into pastebin and send it? Are you using iframes or anything? -- Jeremy Thomerson http://www.wickettraining.com On Wed, Feb 10, 2010 at 8:29 PM, Steve Swinsburg
Re: wicket app over https but renders some images as http
getrequestcyclesettings().setrenderstrategy(one_pass_render) -igor On Wed, Feb 10, 2010 at 11:20 PM, Steve Swinsburg steve.swinsb...@gmail.com wrote: The interesting thing is that I am unable to reproduce this locally, the iframe is served over HTTPS in my local instance but broken in production. So I'm starting to think it's a Tomcat config issue. I've sent a note out to the sysadmin to check the Tomcat connector settings. One thing is that the prod instance is using Apache in front of Tomcat, but I am just using an SSL enabled Tomcat. I'mm bring up an Apache instance and see if I can break it. Igor how do I change the rendering pattern? I will try that locally. thanks. Steve On 11/02/2010, at 6:11 PM, Igor Vaynberg wrote: it may be that this servlet filter is rewriting any redirects. by default wicket uses redirect to buffer pattern, i doubt velocity or your other tools are doing something similar. try changing the rendering pattern in wicket to direct_to_render and see if that helps. -igor On Wed, Feb 10, 2010 at 8:49 PM, Steve Swinsburg steve.swinsb...@gmail.com wrote: It's done by the portal, but it renders an iframe of source: src= https://myserver.edu.au/portal/tool/138a11eb-bcee-4b13-b6c5-d7bf206980ea Which is the direct link to the tool instance. So it appears to be HTTPS, but then reverts to HTTP for some reason. If I go to that URL in my browser, with HTTPS intact, it will revert to HTTP in front of me. If I grab the iframe source for another tool, say a Velocity based tool, the url is similar, still HTTPS, and stays HTTPS when viewing it. thanks, Steve On 11/02/2010, at 3:36 PM, Andrew Lombardi wrote: what's the code you're using to render the link for the iframe in wicket? have you pasted that yet? On Feb 10, 2010, at 8:32 PM, Steve Swinsburg wrote: Ok I did that, the Wicket app comes up as as HTTP, however if I do the same thing to any that renders in the same style of iframe, it's HTTPS. these tools are other display technologies, like JSF, Velocity, etc. Here's the first Wicket app: http://server.edu.au/portal/tool/138a11eb-bcee-4b13-b6c5-d7bf206980ea/?panel=Main Here's a Velocity app in in the same page: https://server.edu.au/portal/tool/f85ba967-614f-4d5d-81cc-1d931f660b93?panel=Main The URL of the entire site is: https://server.edu.au/portal/site/test123/page/3881df23-3931-4928-9d36-702629927ba0 I have another Wicket app that another developer wrote, same thing, HTTP only. So it's only Wicket tools that are doing this. thanks, Steve On 11/02/2010, at 3:22 PM, Jeremy Thomerson wrote: What I've suspected all along is that your main page MAY be loaded https, but that your iframe src is actually ending up http. do this (in firefox): pull up the app in https, right click in the iframe, click this frame, click show only this frame. is the url that appears with the iframe content https? -- Jeremy Thomerson http://www.wickettraining.com On Wed, Feb 10, 2010 at 9:57 PM, Steve Swinsburg steve.swinsb...@gmail.comwrote: Exactly. So why are they coming up as HTTP when both the URL and iframe src are both HTTPS. All resources that Wicket sends from this application are coming up as HTTP. So I am thinking it still thinks its on HTTP, not HTTPS. I'll add some logging to the Application init() to figure out if Wicket thinks its on HTTP or HTTPS. Could be the iframe? thanks, Steve On 11/02/2010, at 2:48 PM, Igor Vaynberg wrote: your paste does not contain any absolute urls, only relative ones... -igor On Wed, Feb 10, 2010 at 7:15 PM, Steve Swinsburg steve.swinsb...@gmail.com wrote: Yes, the app is rendered in an iframe as my app is deployed into a portal container. I pasted that HTML from the iframe source, but here is the whole lot: http://pastie.org/819416 Line 21 has the import for the css. Line 55 is a ContextImage The iframe source is: src= https://myserver.edu.au/portal/tool/138a11eb-bcee-4b13-b6c5-d7bf206980ea?panel=Main and that renders the tool. Using the padlock in the bottom right of Firefox, and analysing the Media, gives all images that are loaded on the page, and all of those that come from this app are http only, the rest that come from the portal container are https as normal. Changing the address to http and refreshing makes the portal container urls change to http as expected. thanks, Steve On 11/02/2010, at 1:45 PM, Jeremy Thomerson wrote: Well, can you paste the actual html that is generated that links to your stylesheet on the https page? Because what you pasted earlier was a relative URL, which would mean that the browser would make it https as well. So, they're some piece of the puzzle we haven't received yet. Perhaps you could browse to the https page, view source, copy the whole source into pastebin and send it? Are you using iframes or anything? -- Jeremy Thomerson
Re: wicket app over https but renders some images as http
I think I may have this sorted. It seems localised to one production instance only and an acceptance machine with a similar setup to the production machine is not showing the symptoms (and I can't reproduce in dev). It certainly was an odd one. Must be the server configuration. Thanks for all the replies, I think we've all learned something today ;) cheers, Steve On 11/02/2010, at 6:20 PM, Steve Swinsburg wrote: The interesting thing is that I am unable to reproduce this locally, the iframe is served over HTTPS in my local instance but broken in production. So I'm starting to think it's a Tomcat config issue. I've sent a note out to the sysadmin to check the Tomcat connector settings. One thing is that the prod instance is using Apache in front of Tomcat, but I am just using an SSL enabled Tomcat. I'mm bring up an Apache instance and see if I can break it. Igor how do I change the rendering pattern? I will try that locally. thanks. Steve On 11/02/2010, at 6:11 PM, Igor Vaynberg wrote: it may be that this servlet filter is rewriting any redirects. by default wicket uses redirect to buffer pattern, i doubt velocity or your other tools are doing something similar. try changing the rendering pattern in wicket to direct_to_render and see if that helps. -igor On Wed, Feb 10, 2010 at 8:49 PM, Steve Swinsburg steve.swinsb...@gmail.com wrote: It's done by the portal, but it renders an iframe of source: src= https://myserver.edu.au/portal/tool/138a11eb-bcee-4b13-b6c5-d7bf206980ea Which is the direct link to the tool instance. So it appears to be HTTPS, but then reverts to HTTP for some reason. If I go to that URL in my browser, with HTTPS intact, it will revert to HTTP in front of me. If I grab the iframe source for another tool, say a Velocity based tool, the url is similar, still HTTPS, and stays HTTPS when viewing it. thanks, Steve On 11/02/2010, at 3:36 PM, Andrew Lombardi wrote: what's the code you're using to render the link for the iframe in wicket? have you pasted that yet? On Feb 10, 2010, at 8:32 PM, Steve Swinsburg wrote: Ok I did that, the Wicket app comes up as as HTTP, however if I do the same thing to any that renders in the same style of iframe, it's HTTPS. these tools are other display technologies, like JSF, Velocity, etc. Here's the first Wicket app: http://server.edu.au/portal/tool/138a11eb-bcee-4b13-b6c5-d7bf206980ea/?panel=Main Here's a Velocity app in in the same page: https://server.edu.au/portal/tool/f85ba967-614f-4d5d-81cc-1d931f660b93?panel=Main The URL of the entire site is: https://server.edu.au/portal/site/test123/page/3881df23-3931-4928-9d36-702629927ba0 I have another Wicket app that another developer wrote, same thing, HTTP only. So it's only Wicket tools that are doing this. thanks, Steve On 11/02/2010, at 3:22 PM, Jeremy Thomerson wrote: What I've suspected all along is that your main page MAY be loaded https, but that your iframe src is actually ending up http. do this (in firefox): pull up the app in https, right click in the iframe, click this frame, click show only this frame. is the url that appears with the iframe content https? -- Jeremy Thomerson http://www.wickettraining.com On Wed, Feb 10, 2010 at 9:57 PM, Steve Swinsburg steve.swinsb...@gmail.comwrote: Exactly. So why are they coming up as HTTP when both the URL and iframe src are both HTTPS. All resources that Wicket sends from this application are coming up as HTTP. So I am thinking it still thinks its on HTTP, not HTTPS. I'll add some logging to the Application init() to figure out if Wicket thinks its on HTTP or HTTPS. Could be the iframe? thanks, Steve On 11/02/2010, at 2:48 PM, Igor Vaynberg wrote: your paste does not contain any absolute urls, only relative ones... -igor On Wed, Feb 10, 2010 at 7:15 PM, Steve Swinsburg steve.swinsb...@gmail.com wrote: Yes, the app is rendered in an iframe as my app is deployed into a portal container. I pasted that HTML from the iframe source, but here is the whole lot: http://pastie.org/819416 Line 21 has the import for the css. Line 55 is a ContextImage The iframe source is: src= https://myserver.edu.au/portal/tool/138a11eb-bcee-4b13-b6c5-d7bf206980ea?panel=Main and that renders the tool. Using the padlock in the bottom right of Firefox, and analysing the Media, gives all images that are loaded on the page, and all of those that come from this app are http only, the rest that come from the portal container are https as normal. Changing the address to http and refreshing makes the portal container urls change to http as expected. thanks, Steve On 11/02/2010, at 1:45 PM, Jeremy Thomerson wrote: Well, can you paste the actual html that is generated that links to your stylesheet on the https page? Because what you