ASP, SSL, Form POST, Content-Type

Results 1 to 2 of 2

Thread: ASP, SSL, Form POST, Content-Type

  1. #1
    Join Date
    Dec 1969

    Default ASP, SSL, Form POST, Content-Type

    Ok, here&#039;s a bizarre issue in IE&#039;s security behavior that I haven&#039;t been able to figure out/work around:<BR><BR>I wrote a component that generates PDF documents. This COM is called from an ASP page that gets its data from a form. The ASP page is running on an SSL site. It parses the data from the form, decides what needs to go into the PDF component to generate the desired document, sets the return headers to reflect a PDF document (Response.ContentType = "application/pdf"), and then BinaryWrites the PDF data to the page.<BR><BR>When running without SSL and the form method is POST or GET, it works fine. When running with SSL and the form method is GET, it also works fine. However, using SSL and the POST method, IE (all version as far as I can tell) display the annoying "This page contains secure and nonsecure items. Display the nonsecure items?" pop-up. Even if you answer no, the PDF document is still displayed. So somehow, IE is getting confused with the return headers, thinks there are nonsecure items in the page, and deciding to display that pop-up. For the desired application, having this pop-up every time is unacceptable, and changing browser settings isn&#039;t really an option either. When retrieving the PDF document over SSL using the POST method in Netscape, it doesn&#039;t have any problem.<BR><BR>Since the entire transaction is SSL encrypted, I can&#039;t use telnet or netmon to grab the traffic and see what headers or page data are being returned that seem to be causing IE troubles.<BR><BR>Any ideas?

  2. #2
    Join Date
    Dec 1969

    Default RE: ASP, SSL, Form POST, Content-Type

    I&#039;ve experienced quirky behavior with IE when it comes to the headers also. I was trying to access the server variable "HTTP_REFERRER" over a secure connection and could not get IE to work. Netscape, however works great. I never did find a solution, just had to invent a work-around.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts