Current time: 10-20-2019, 07:26 PM Hello There, Guest! (LoginRegister)

Post Reply 
 
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
mhtml AND SSL
11-19-2010, 08:47 AM (This post was last modified: 11-19-2010 08:55 AM by hdtvrocks.)
Post: #1
mhtml AND SSL
Hi all,

I'm working on a IE only web application and was hoping to utilize mhtml and data: URI to minimize our http requests. However, during my testing I ran into an issue with mhtml over SSL. Even though the reference to the mhtml destination is via https, IE7 (I assume 6 too) throws a non-secure error. I've verified via httpwatch that IE7 is really retrieving the files via https(actually retrieved in cache). I've seen some comments in stoyan's blog entry stating the same result. Does anyone know of a solution for this?
Find all posts by this user
Quote this message in a reply
01-03-2011, 11:12 AM
Post: #2
RE: mhtml AND SSL
From Stoyan's blog, in the post by "Veronica" from "September 25th, 2010 at 2:06 pm":

"http://www.microsoft.com/technet/security/Bulletin/MS07-034.mspx
http://msdn.microsoft.com/en-us/library/ms775147
http://support.microsoft.com/kb/825803/
http://support.microsoft.com/kb/330994/

Why must full URLs be used in CSS url(…)?
Internet Explorer processes the mhtml: prefix(protocol) internally before and after sending a GET for the content. What is sent to the server is a normal HTTP GET request for the base resource file, exluding the !(BAM) and the multipart-indicator suffix. For example, if you request mhtml:http://my.example.com/ie-fix.mht!image.png in any version of IE, the browser interprets the mhtml: protocol as a request for multipart/related content and strips the ‘!image.png’ part-reference before sending a GET for http://my.example.com/ie-fix.mht (or before reading the file from cache). Upon recieving a response, IE resumes processing of the mhtml: protocol and uses the previously stripped reference suffix to extract the specific multipart resource from the returned (or cached) file resource.

Why won’t this work with some versions of IE?
Because of several security concerns (see references) many versions of IE will not properly serve multipart/related content when it decides the content mime does not match the URI. Affected platforms are IE7 on Vista/Windows7 and IE6 on any platform after installation of security update MS03-014 (this is an Outlook Express update, but KB330994 explains that IE uses Outlook Express to render MHTML content). In KB825803, Microsoft suggests changing the file extension to “.mht” to solve this problem. The full solution is to make sure the URI and mime-type match, and that they both indicate “Content-Type: multipart/related”. This means that to insure success of the multipart/related stylesheet technique on all versions of Internet Explorer you need to do two simple things. Configure your webserver to serve your file resource as “Content-Type: multipart/related” and ensure that the URI points to a resource ending with “.mht”

The two simple things:
ALWAYS use the .mht extension for multipart-encoded (MHTML) stylesheets.
AND Configure your web daemon to serve this extension as “Content-Type: multipart/related”
In short, don’t lie to IE about the content of your stylesheet file resource."

Does this solve the issue?
Find all posts by this user
Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 2 Guest(s)