Forum OpenACS Q&A: Templating System and HTTPS

Collapse
Posted by Jose Mendez on
we are having a problem with browsers not showing the secure icon when viewing pages over SSL. The URL shows "https" and the page properties show that the page was transmitted encrypted and yet the secure icon does not show on neither Netscape or IE.  I've been doing some testing and what I have found is that this only happens on pages that reference a master template using the <master> tag.

I should let you know that we are running ACS 4.2 and ACS Templating 4.1.2 so the code is kind of old and perhaps has been fixed.  I am hoping that someone knows about this and can point me in the right direction to fix it.  Thanks.

Collapse
Posted by Brad Duell on
What do the references to the graphics look like in master?  Relative (i.e. "/graphics/mygif.gif") or absolute (i.e. "http://www.mydomain.com/graphics/mygif.gif")?

I'm guessing the page is getting something from an insecure site via the master.

Collapse
Posted by Jose Mendez on
There are only two graphics used in the entire template and they are specified with relative paths "/graphics/fsd/fsd_title.gif" and "/graphics/misc/logo.gif"

After reading your post I was doing some testing on Mozilla and it does show the secure icon, so it seems that IE is the only having the problem.  However it does get solved by removing the <master> tag from the file.  One thing I noticed is that while the IE is waiting for the request to come back it shows the secure icon, but as soon as the page is loaded the icon goes away.

any more ideas? and btw thanks for your reply ...

Collapse
Posted by Jose Mendez on
Brad, you are right, it does have to do with the graphics in the page.  I turned the security alerts on IE and when it loads the graphics it warns that we're leaving the secure connection and when I choose not to continue the page loads with no graphics but the secure icon shows.  This kind of sucks ...  does this mean I'm gonna have to specify absolute paths to make sure they get requested using https? ... hmmm, I hope there's a more general solution.
Collapse
Posted by Torben Brosten on
*.css references relative also?

Are both mentioned images served? ie. can you see them when requesting via https, for example https://yourdomain.com/graphics/misc/logo.gif

If those work, try looking at the html resulting from the master. Maybe really broken page html throws it... such as two body tags or something..

Collapse
Posted by Torben Brosten on
oops.. you answered before I replied. =)

I'll ask slightly differently.

If you request each image via https. Do you see the image? if not, might be a permissions problem.

Collapse
Posted by Jose Mendez on
I got it now, the problem was that the images in the ssl'ed page were being redirected to http by a registered proc that we have in place for determining whether or not a page should be viewed over ssl. I have modified the proc to exclude our graphics directories and now the page loads without a problem .  Thank you guys for pointing me in the right direction.