In earlier versions of the servlet spec, you must call setContentType() before you call getOutputStream().
Although I thought this was changed in later versions, so maybe this is a red herring. Andy. -----Original Message----- From: Chris Parker To: Tomcat Users List Sent: 09/12/2002 16:01 Subject: REPOST: SSL and setContentType() and "secure and nonsecure items" Greetings all, Apologies in advance for the blatant repost; I originally posted Friday afternoon, and I'm not sure if I got lost in the 'it's Friday - let's go home' shuffle or if nobody knows how/wants to help. ----------Original Message--------------- No doubt there's a simple way around this, but I can't find it. I have some dynamic content that is being sent to the user's browser as PDF on an SSL enabled page. When the user goes to the page, she gets the message "This page contains both secure and nonsecure items." I've traced the problem to this method call: response.setContentType("application/pdf"); When I set the content type, I get the error message. When I don't set the content type, the user is prompted to download the file as an http download (which is obviously correct behavior). Is there another way to set the header? Do I need to encode the header into the ByteArrayOutputStream by hand? -- A somewhat truncated code snippet -- ByteArrayOutputStream baos = GoSomeplace.getPdfContent(); ServletOutputStream out = response.getOutputStream(); response.setContentLength( baos.size() ); response.setContentType("application/pdf"); //Causes error message baos.writeTo( out ); out.flush(); -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>