Https errors in IE7 for WebResouce requests.

[Chuck P]

If I create a control which uses an embedded image and then put in on an
HTTPS request IE complains about having secure and nonsecure items.

The code is:

protected override void RenderContents(HtmlTextWriter writer)

writer.AddAttribute(HtmlTextWriterAttribute.Src,
Page.ClientScript.GetWebResourceUrl(this.GetType(),
@"Util.Ctrl.LanlHeaderFooter.xfooter-flap.gif"));

writer.RenderBeginTag(HtmlTextWriterTag.Img);writer.RenderEndTag();


The rendered page looks like:
<img
src="/WebResource.axd?d=nc8abQRgNFbYC__mtwu1dcoXXE1irMXnivUPeULPG9kycw8mvRhETkdzWWJBUFQLM6ts8qSJHbQp9HKu8QZBNA2&t=633277067943801753" id="img-inside" />

How can I prevent this error message?

 

[Walter Wang [MSFT]]

Hi Chuck,

First, please look into this KB to see if this applies to your case:

#SSL Termination and ASP.NET
http://support.microsoft.com/kb/910444/


I've also found some similar cases that if the requests are mixed with http
and https content, the warning will be issued. Please use Fiddler
(http://www.fiddlertool.com/) to trace the requests to see if this is the
case.

If above information doesn't help, please create a reproducible project
along with your configuration settings and send it to me for further
troubleshooting. Thanks.


Regards,
Walter Wang ([email protected], remove 'online.')
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Chuck P]

I did some googling on sercure and non-secure items.
Seems to be an IE bug that occurs if you use relative URLs.
IE doesn't respect the way the request was made.

Not completely correct:
http://www.webmasterworld.com/forum23/4441.htm

 

[Walter Wang [MSFT]]

Hi Chuck,

The URL you referenced doesn't mention it's IE7 specific or occurs on all
IE versions.

Do you have a repro at hand to show this issue? I haven't found similar
reports regarding this issue.

Regards,
Walter Wang ([email protected], remove 'online.')
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Chuck P]

Walter,

I found the following statement in a web page where a ctrl was placed.
<link href="mvwres:7-Util.Ctrl.LanlHeaderFooter.LanlHeader.css,Util,
Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"
rel="stylesheet" type="text/css" />

I am not sure when or what makes a composite control insert this into a page
(do you know?).
After I removed the link, the embedded CSS was still applied in the ctrl at
design time.

Anyway I removed the mvwres link code and now I don't get the SSL warning in
IE7.

 

[Walter Wang [MSFT]]

Hi Chuck,

Thank you very much for your update and sharing the root cause here. I
think the link of "mvwres" custom protocol we once discussed must be
treated as http resource from the https page and caused the warning.

Regards,
Walter Wang ([email protected], remove 'online.')
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.