On Wed, 23 Mar 2005, David Lampkin wrote:
Does the same problem happen with an IIS server, and ssl on standard not OWA pages?
Usually, but not as visible. The problem is that web servers at a number of occations renders absolute URLs into the returned HTML or HTTP headers, and as far as the web server knows it was requested using http:// not https:// and the web server therefore uses http:// URLs in it's responses.
Absolute URLs can most often be seen in the following cases:
- Redirects, such as when you request a directory but forget the last / after the directory name.
- CGI or other applications/scripts generating HTML responses with absolute URLs to the server.
- WebDAV requests/responses
Redirects and WebDAV is hard to do anything about without help from the web server manufacturer.
CGIs, scripts and static content should be changed to use relative URLs where possible (absolute URL-paths is fine, but not full URLs including protocol).
The custom "Front-End-Https: yes" header tells OWA that there is an https->http gateway infront of OWA, telling OWA to use https:// URLs in it's responses even if it was called using a http:// request (proxy->OWA). Other applications may use other headers.
Regards Henrik
