This project is read-only.

HTTPS issues?

Developer
Sep 27, 2010 at 4:02 PM

Anton,

on a new portal I recently published I have some areas protected with SSL: in one of those pages I have an XsltDb module that, only under https, gives a javascript error with IE8:

 

Webpage error details

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET4.0C)Timestamp: Mon, 27 Sep 2010 14:43:52 UTC

Message: Syntax errorLine: 1Char: 1Code: 0URI: https://www.mysite.it/DesktopModules/XsltDb/xsltdb.js?v=02.00.09

 

The module is very simple and then works (it just publishes some links), but this let me wonder: are there any issues using XsltDb modules with https?

I see that js has severl jquery ajax calls pointing to "ApplicationPath": is this "https enabled"?

Coordinator
Sep 29, 2010 at 6:26 AM

Alberto,

I've never used XsltDb on https sites.

Thank you for your report, I'll try to reproduce and fix the bug.

 

Developer
Sep 29, 2010 at 8:42 AM

Anton,

eventually you can get a free certificate at www.cacert.org.

Let me know if I can help further.

 

al.

 

Coordinator
Jan 2, 2011 at 8:12 AM
This discussion has been copied to a work item. Click here to go to the work item and continue the discussion.
Coordinator
Jan 14, 2011 at 7:11 PM

Alberto,

Can you provide more details about HTTPS issue?

I can successfully run the following code under https:

<script type="text/javascript">
  $.post("{{mdo:service-url('test')}}", function(r){alert(r)}, 'text');
</script>

<mdo:service name="test" type="text/xml">
  <root>Some data</root>
</mdo:service>

 

Developer
Jan 17, 2011 at 9:17 AM

Anton,

I can't - I get an HTML response, with the XML in queue:


<html><head><title></title><!-- <script language="javascript">window.location.replace("http://www.MYSITE.it/DesktopModules/XsltDb/ws.aspx?service=test&mod=687")</script> --></head><body><div><a href='http://www.MYSITE.it/DesktopModules/XsltDb/ws.aspx?service=test&mod=687'>http://www.MYSITE.it/DesktopModules/XsltDb/ws.aspx?service=test&mod=687</a></div></body></html><?xml version="1.0" encoding="utf-8"?><root>Some data</root>

On page, I see:

http://www.MYSITE.it/DesktopModules/XsltDb/ws.aspx?service=test&mod=687
Some data

mdo:service-url gives me: : /DesktopModules/XsltDb/ws.aspx?service=test&mod=687
But the POST is sent over HTTPS, not HTTP, and gets the above response (I'm actually using a slightly modified sample, but that's not the problem - see below).
I believe the problem could be with DNN SSL configuration: the page is set as secure, and in site settings I have "ssl enforced" enabled. 
This setting causes DNN not to allow HTTP pages to be open in HTTPS: when you try to open a page not marked as secure with SSL, DNN forces a redirect injecting that javascript.
This already caused me some troubles: when users navigate a non secure page requesting HTTPS, they are forced to load the page twice, the former in SSL with the js injected (but pages is fully loaded loaded), the second in HTTP caused by the js.
I was able to avoid the double page load by putting a function in my skins:

if not TabController.CurrentPage.IsSecure andalso Page.Request.IsSecureConnection=true then
	response.redirect("http://" & Page.Request.Url.Host & Page.Request.RawUrl.ToString)
end if

Maybe something similar could be needed for mdo:services? 

Here's my ssl test:
<script type="text/javascript">
    $.post("{{mdo:service-url('test')}}", function(r){
    $('#result').html(r);

    }, 'text');
</script>
      <div id="result" style="border:solid 2px #ff0000;"></div>
<mdo:service name="test" type="text/xml">
  <root>Some data</root>
</mdo:service>

 

Coordinator
Jan 25, 2011 at 7:17 AM

Alberto,

Thnk you for your explanations. Now I can see what the bug actually is.

I've created a new release http://xsltdb.codeplex.com/releases/view/59735 with fix.

Release is hidden so you have lo log in.

All details in comments to release.