I am using application to display the Http image url in the RSS. But while loading this image in the HTTPS server and opening in Internet Explorer showing Security warning. How to solve this problem? How this can be handled using java and display in RSS?
Asked
Active
Viewed 1,069 times
0
-
What is the problem you are trying to solve? bypassing security warning or changing https to http? if it's to bypass security warning, that's not possible. if it's the other, then the solution is obvious. – gigadot Sep 26 '12 at 17:21
-
My problem is loading the RSS feed in https server which contains the image url with http. Is there any method to change this external http url(which are from external/other websites) to https while displaying in RSS – George Viju Sep 26 '12 at 17:32
-
how does this have anything to do with java? you mean javascript? the answer is still no. you cannot do anything on client-side. – gigadot Sep 26 '12 at 17:36
-
@gigadot given the [tag:jspx] tag (which I just removed) I'd say the OP _did_ actually mean [tag:java]. – Matt Ball Sep 26 '12 at 17:44
-
@MattBall I see, but I still don't understand the relationship between java and internet explorer in this question. – gigadot Sep 26 '12 at 19:44
3 Answers
1
Use scheme-relative URLs. That mean URLs that look like this:
<img src="//example.com/images/foo.jpg"/>
instead of this:
<img src="http://example.com/images/foo.jpg"/>
More reading: Is it valid to replace http:// with // in a <script src="http://...">?
-
The image is loading from external server say, http://www.otherwebsite.com/test.jpg. – George Viju Sep 26 '12 at 17:21
-
1
-
This only works if the other site also serves the same content over HTTPS, which isn't always the case... – Bruno Sep 26 '12 at 18:29
-
Hi Matt Ball... I tried this in IE-8 the Images are not getting displayed. – George Viju Sep 27 '12 at 09:16
-
@George as Bruno commented, the other site does need to serve the same content over HTTPS. Do you have an actual example URL that's not working for you? – Matt Ball Sep 27 '12 at 10:28
0
I don't know Java, but you could do :
var STRING
IF SSL DETECTED
STRING = REPLACE HTTP WITH HTTPS
ECHO STRING
Do this inside the loop.
The best way to do it is to create two main constant with both url in http and https and use thoses as prefix in your url whatever SSL is detected or not.
David Bélanger
- 7,400
- 4
- 37
- 55
-
No, the correct way to handle HTTP and HTTPS is with scheme-relative URLs. – Matt Ball Sep 26 '12 at 17:21
-
Your approach isn't completely wrong, but detecting whether SSL is used isn't always easy, in particular on a non-standard port or behind a load-balancer. The scheme-relative URL approach also has the advantage that it doesn't require any server-side code in general. – Bruno Sep 27 '12 at 16:37
-
Thinking about it, since you'd often need to detect whether the request came over HTTPS or not, in particular if your system has redirections using the `Location` header (similar to [this problem](http://stackoverflow.com/q/12626912/372643)), which requires *absolute* URIs at all times according to the HTTP spec (although not always in practice), you're likely to have some mechanism in place for that anyway. – Bruno Sep 27 '12 at 18:39
0
If the image (or other content) is hosted on the same host, the simplest is to use a relative-path reference or an absolute-path reference (i.e. src="path/to/image.png" or src="/path/to/image.png).
If the image is on a different host that serves the same content over HTTPS (with a certificate likely to be trusted by your users too) and plain HTTP (at least for this resource), use a network-path (relative) reference, i.e. omit the scheme from the URI (e.g. src="//the.host.name/path/to/image.png").
If that other host doesn't serve this content over HTTPS, this becomes more complex. One work-around is to serve it yourself via a reverse-proxy which would query this content. The address used by the client would point to your HTTPS server, and your server would fetch the content in the back. You may want to consider the following points when doing this:
- Security: you're effectively serving someone else's content via your host, but should it be trusted as coming from your host? Perhaps this should be a separate HTTPS host than your main HTTPS site.
- Bandwidth: all the content is going to be served by your host effectively, and you may have to fetch it first.
- Legal: this may or may not be considered as hosting someone else's content.
-
Does it work with old broswer ? I have seen this for the first time a year ago even if I do some dev since almost 10 years ? – David Bélanger Sep 27 '12 at 16:14
-
@DavidBélanger What does? Network-path relative refs starting with `//`? I'm not sure which old browsers support that, but it was already in the 1998 spec: http://tools.ietf.org/html/rfc2396#section-5 – Bruno Sep 27 '12 at 16:21
-
Yeah, that was the question. If old broswer doesn't support this, ok yes, move on we are in 2012, but still... that why I suggested an hardcoded way with a constant and IF/ELSE. – David Bélanger Sep 27 '12 at 18:27
-
@DavidBélanger, according to [this answer](http://stackoverflow.com/a/2975736/372643), it works with IE 3 (I haven't checked that). [Another answer](http://stackoverflow.com/a/2975722/372643) points out that this leads to [double-download problems with IE 6 and 7](http://www.stevesouders.com/blog/2010/02/10/5a-missing-schema-double-download/) (although it works). – Bruno Sep 27 '12 at 18:35