Over SSL I get message "this page contains both secure ..."

[mario_]

Hi,

I use https and I get following warning "This page contains both secure and nonsecure items" in IE, thats annoying. So I used firebug to find the reason and found out that the primefaces css cannot be loaded over SSL so it is done over the normal http connection. See details in image:



Is there any configuration for this?


primefaces 2.2.1 - mojarra 2.0.4

[healeyb]

This is a browser thing, google it, there's a million posts out there. It's
something in the internet options advanced tab, maybe clear the
'warn if changing between secure and non-secure mode' but I can't
remember exactly.

[mario_]

I don't want to ignore the warning, i want to solve it. ^^

It seems that the css files cannot transmitted throw the https channel and so the normal http channel is used.

[healeyb]

So you want to send all your images, sprites, css files & javascript over
SSL? I looked at this ages ago, I really don't think there's anything you can do
about it. I did write an HTTPS to HTTP downgrader so that just because I'd
upgraded to HTTPS for login I didn't have to stay on it for the entire session,
but in the end the amount of aggravation I had with site certificate errors/
browser errors etc... I gave up with it. I just had more important things to
be doing.

I guess with PrimeFaces you'd need a change in the ResourceHandler or
something like that, but I could imagine this coming down to the issue of
why you'd want to send publicly available static resources over a secure
channel, I can't see it happening.

The reality is that I don't reckon anyone runs with this setting turned on
with IE because it would drive you insane. After upgrading to IE7/8
whichever when they introduced this check I'd got it turned off within 2
minutes.

Brendan.

[mario_]

now i know whats wrong. is use https only for the context "/admin", the resources instead are loaded from context root