SSL site - Images not displayed by Internet Explorer

[tisha]

Hi,

Have an interesting issue here. After installing the SSL cert for a domain, the secure site is coming up fine on all the browsers, except for IE. Internet Explorer is not displaying the images on the site, whereas firefox, opera et. al has no problems whatsoever....

Any thoughts, please ?

Please check out https://www.iptoto.com in IE and Firefox, and compare them.

 

[webignition]

Change all the src properties for the <img> tags to full https URLs instead of relative URLs.

 

[brianoz]

Change all the src properties for the <img> tags to full https URLs instead of relative URLs.

I would have thought relative URLs would work just fine???

 

[brianoz]

Your problems stem from incorrectly formed URLs, I'll leave how up to you.

The Firefox URL for an image is:
https://www.iptoto.com/images/EF-W4000-300dpi-500.jpg

The IE URL for an image is:
http:///images/EF-W4000-300dpi-500.jpg

Must be something wrong in your site logic or in javascript?

The fix for this is probably to just use relative URLs! ie: use /images/EF-W4000-300dpi-500.jpg instead of http://$DOMAIN/images/...

 

[webignition]

I would have thought relative URLs would work just fine???

They might, if formed correctly.

However, relative URLs for anything (images, css files, js files) within a secure page may be, and quite often are, interpretted by a browser as being insecure URLs. This can often cause the browser to inform the user that the page contains both secure and insecure items, which is not a good thing.

The only reliable way of serving a secure page such that everything displays correctly and the user does not get a 'secure and insecure items' warning is to use full URLs for everything.

 

[brianoz]

They might, if formed correctly.

However, relative URLs for anything (images, css files, js files) within a secure page may be, and quite often are, interpretted by a browser as being insecure URLs. This can often cause the browser to inform the user that the page contains both secure and insecure items, which is not a good thing.

The only reliable way of serving a secure page such that everything displays correctly and the user does not get a 'secure and insecure items' warning is to use full URLs for everything.

There's considerable merit to your suggestion of always using full paths and it's a nice easy solution.

However, use of full paths everywhere can make it MUCH harder to move the site around and test it. It's always going to be sufficient to use relative paths for image files (promise!), although I agree some testing might be needed for CSS and JS files. In the past I've found that I can get pages to work well in all browsers with https by playing around with the paths in the page, although there's always a possible future where that won't work and I'd need to fall back to your method.