On 6/9/05, Christian Bell <cshbell@xxxxxxxxx> wrote: > One of our users is trying to access JSP pages over HTTPS (assume > https://foo.com/foo.jsp). Do these pages require cookies? > When the page is accessed through the proxy with Internet Explorer > (Win32), a blank page is rendered (and a subsequent View Source > reveals only skeletal HTML, no content). When the page is accessed > WITHOUT the proxy in Internet Explorer, the page is rendered > correctly. If you manually define the proxy server address and port in Windows control panel instead of using a PAC, does the page render correctly? > When the page is accessed through the proxy with either > Firefox (Win32 or Mac) or a different browser like Safari, the page is > rendered correctly. BTW, there's a totally unrelated PAC bug in Safari on Tiger, see Full-Disclosure for details. > Tailing the access.log file confirms that in all cases, the requests > are going through Squid (2.5S9). The proxy setup between the browsers > is identical (issued via a PAC), and all other web pages and sites > load fine in Internet Explorer through the proxy. The only problem is > this one JSP-driven site. > > I've searched Google and the squid-users archives, but have come up > empty-handed. Any ideas? Depending on how complex your PAC is and how the page is constructed, there are a few different bugs related to MSIE 6 that might produce the results you see. The key question here is whether the blank page is what is being sent by the JSP, or is something IE is doing internally. You might be able to tell based on the byte count returned from the HTTPS server to the client? Microsoft documents mention bugs relating to cookies, cross-frame scripting, etc, generally these are side-effects of the new security and privacy controls included in recent IE6 patches -- if setting privacy to "low" fixes the problem, you've triggered one of these. Kevin Kadow