[Catalyst] Re: Making secure session cookies (or, how do we make Explorer stop complaining about nonsecure content on a secure page?)
On Mon, 21 Feb 2011 15:15:17 +, Carl wrote: I recommend you try viewing the page in a browser that will let you see all network requests - e.g. firefox with the firebug plugin running. Another nice tool is included in Chrom{e,ium} under Tools → Developer Tools, where - if you load an https-page, you get a little warning-sign and a number in the bottom-right corner, which, when clicked, pops up a list showing exactly what Chrome{e,ium} fetched that was insecure. Example screenshot: * http://koldfront.dk/misc/browsers/chromium-insecure-content.png Best regards, Adam -- Examination and mastering of a new highly Adam Sjøgren intellectual equipment was a hard labour. a...@koldfront.dk ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Re: Making secure session cookies (or, how do we make Explorer stop complaining about nonsecure content on a secure page?)
Okay -- we'd tried this approach using Chrome already, and it is not showing *any* http:// requests from the https:// page. Life HTTP Headers (FireFox) shows either https://server.name/path requests or server-relative /path requests. Period. Same url, yet internet explorer complains... I've got a knack for finding weird stuff like this. Anybody else seen this? On Mon, Feb 21, 2011 at 3:38 PM, Adam Sjøgren a...@koldfront.dk wrote: On Mon, 21 Feb 2011 15:15:17 +, Carl wrote: I recommend you try viewing the page in a browser that will let you see all network requests - e.g. firefox with the firebug plugin running. Another nice tool is included in Chrom{e,ium} under Tools → Developer Tools, where - if you load an https-page, you get a little warning-sign and a number in the bottom-right corner, which, when clicked, pops up a list showing exactly what Chrome{e,ium} fetched that was insecure. Example screenshot: * http://koldfront.dk/misc/browsers/chromium-insecure-content.png Best regards, Adam -- Examination and mastering of a new highly Adam Sjøgren intellectual equipment was a hard labour. a...@koldfront.dk ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/ -- The first step towards getting somewhere is to decide that you are not going to stay where you are. -- J.P.Morgan ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Re: Making secure session cookies (or, how do we make Explorer stop complaining about nonsecure content on a secure page?)
will trillich wrote on 2/21/11 5:50 PM: Okay -- we'd tried this approach using Chrome already, and it is not showing *any* http:// requests from the https:// page. Life HTTP Headers (FireFox) shows either https://server.name/path requests or server-relative /path requests. Period. Same url, yet internet explorer complains... I've got a knack for finding weird stuff like this. Anybody else seen this? I've been bitten by this when the .js or .css I am loading will load an img. E.g., ExtJS loads a s.gif file by default from http and I have had to edit the .js file(s) to use a https version instead. -- Peter Karman . http://peknet.com/ . pe...@peknet.com ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/