xml transform over https

Discussion in 'XML' started by Luther Baker, Dec 9, 2003.

  1. Luther Baker

    Luther Baker Guest

    My team is using the FO library to generate PDFs.

    We are also required to use https.

    The XSL transform page fed into javax.xml.transform.Transformer starts
    with

    <?xml version="1.0"?>
    <xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:fo ="http://www.w3.org/1999/XSL/Format">

    ---

    Now, when displaying the PDF, Internet Explorer is popping an alert
    saying "This page contains both secure and nonsecure items. Do you
    want to display the nonsecure items?"

    And no particular preferences in IE take this away. ENABLE MIXED
    CONTENT and WARN IF CHANGING ... are both set correctly, yet we still
    get the popup. I can only think that this xsl file is causing us
    trouble.

    Now, before looking at this problem - I believed that namespace uri
    strings were simply that, unique identifiers. Not necessarily valid
    internet URLs. Since transforms work without a connection to the
    internet, it seems to make sense. Yet, as soon as I put
    https:///www.w3.org/1999/XSL/Transform into this header, I get the
    infamous "javax.xml.transform.TransformerException: stylesheet
    requires attribute: version".

    Can someone explain to me why the URI needs to be exactly
    http://www.w3.org/1999/XSL/Transform and is there any way around this?
    I'd like to get everything within the https environment, to use https
    - as I'd like to get rid of that popup.

    Thanks,

    -LutherB
    Luther Baker, Dec 9, 2003
    #1

  2. Luther Baker wrote:

    > ...
    > Can someone explain to me why the URI needs to be exactly
    > http://www.w3.org/1999/XSL/Transform and is there any way around this?
    > ...


    Because, as you said, it's just a string. But it's also an *identifier*
    -- if it doesn't match character by character, the XSLT engine will not
    recognize the language.

    I'd say this is a browser bug -- namespace URIs should be irrelevant for
    security considerations (unless of course something really accesses them).

    Julian
    Julian Reschke, Dec 9, 2003
    #2
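
Added example, not part of the original thread and not any poster's code: a small JAXP program showing the point made in reply #2, that the XSLT namespace URI is matched as a string and is never fetched. The class name `NamespaceIdentityDemo`, the stylesheet and the input document are constructed for illustration; it assumes the JDK's default XSLT processor, and the exact rejection message varies by processor.

```java
import java.io.StringReader;
import java.io.StringWriter;
import java.util.ArrayList;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;

public class NamespaceIdentityDemo {
    // Constructed stylesheet; %s is replaced by the namespace URI under test.
    static final String XSL =
        "<xsl:stylesheet version=\"1.0\" xmlns:xsl=\"%s\">"
      + "<xsl:template match=\"/\"><out><xsl:value-of select=\"/doc\"/></out></xsl:template>"
      + "</xsl:stylesheet>";

    // Every URI the processor asks to dereference is recorded here.
    static final List<String> resolved = new ArrayList<>();

    static String tryTransform(String nsUri) {
        try {
            TransformerFactory f = TransformerFactory.newInstance();
            f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            f.setURIResolver((href, base) -> { resolved.add(href); return null; });
            Transformer t = f.newTransformer(
                new StreamSource(new StringReader(String.format(XSL, nsUri))));
            StringWriter out = new StringWriter();
            t.transform(new StreamSource(new StringReader("<doc>hello</doc>")),
                        new StreamResult(out));
            return "accepted: " + out;
        } catch (TransformerException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Exact identifier: recognised as XSLT 1.0.
        System.out.println(tryTransform("http://www.w3.org/1999/XSL/Transform"));
        // One character different: no longer the XSLT namespace.
        System.out.println(tryTransform("https://www.w3.org/1999/XSL/Transform"));
        // Empty list: the namespace URI was compared, never fetched.
        System.out.println("URIs dereferenced: " + resolved);
    }
}
```

The resolver would only be consulted for constructs that really load external resources, such as `xsl:import`, `xsl:include` or `document()`; those are the references worth auditing in a stylesheet, not the `xmlns` declarations.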

  3. Luther Baker wrote:

    > My team is using the FO library to generate PDFs.
    >
    > We are also required to use https.
    >
    > The XSL transform page fed into javax.xml.transform.Transformer starts
    > with
    >
    > <?xml version="1.0"?>
    > <xsl:stylesheet version="1.0"
    > xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    > xmlns:fo ="http://www.w3.org/1999/XSL/Format">
    >
    > ---
    >
    > Now, when displaying the PDF, Internet Explorer is popping an alert
    > saying "This page contains both secure and nonsecure items. Do you
    > want to display the nonsecure items?"
    >
    > ...


    Speaking of which -- if the transformation happens server-side, why
    would the exact syntax of the XSLT ever affect the generated PDF data
    stream? I guess there's something else wrong with the content you're
    sending.
    Julian Reschke, Dec 9, 2003
    #3
  4. Luther Baker wrote:

    > My team is using the FO library to generate PDFs.
    >
    > We are also required to use https.
    >
    > The XSL transform page fed into javax.xml.transform.Transformer starts
    > with
    >
    > <?xml version="1.0"?>
    > <xsl:stylesheet version="1.0"
    > xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    > xmlns:fo ="http://www.w3.org/1999/XSL/Format">
    >
    > ---
    >
    > Now, when displaying the PDF, Internet Explorer is popping an alert
    > saying "This page contains both secure and nonsecure items. Do you
    > want to display the nonsecure items?"
    >
    > And no particular preferences in IE take this away. ENABLE MIXED
    > CONTENT and WARN IF CHANGING ... are both set correctly, yet we still
    > get the popup. I can only think that this xsl file is causing us
    > trouble.
    >
    > Now, before looking at this problem - I believed that namespace uri
    > strings were simply that, unique identifiers. Not necessarily valid
    > internet URLs. Since transforms work without a connection to the
    > internet, it seems to make sense. Yet, as soon as I put
    > https:///www.w3.org/1999/XSL/Transform into this header, I get the
    > infamous "javax.xml.transform.TransformerException: stylesheet
    > requires attribute: version".
    >
    > Can someone explain to me why the URI needs to be exactly
    > http://www.w3.org/1999/XSL/Transform and is there any way around this?
    > I'd like to get everything within the https environment, to use https
    > - as I'd like to get rid of that popup.


    I am pretty sure the warning IE gives has nothing to do with the
    namespace URIs. Your XSLT transformation is done on the server isn't it?
    So IE doesn't even see the XSL stylesheet.
    I don't know what kind of page you generate but maybe you have an
    <iframe> in there pointing to a non https URL. That is when IE usually
    gives the warning.
    If you post a URL maybe we can find out what causes the warning but I
    don't think the whole problem is related to XML thus asking in an IE
    group might be a better way.

    --

    Martin Honnen
    http://JavaScript.FAQTs.com/
    Martin Honnen, Dec 9, 2003
    #4
  5. Luther Baker

    Luther Baker Guest

    Martin Honnen <> wrote in message news:<3fd5b262$>...
    > Luther Baker wrote:
    >
    > > My team is using the FO library to generate PDFs.
    > >
    > > We are also required to use https.
    > >
    > > The XSL transform page fed into javax.xml.transform.Transformer starts
    > > with
    > >
    > > <?xml version="1.0"?>
    > > <xsl:stylesheet version="1.0"
    > > xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    > > xmlns:fo ="http://www.w3.org/1999/XSL/Format">
    > >
    > > ---
    > >
    > > Now, when displaying the PDF, Internet Explorer is popping an alert
    > > saying "This page contains both secure and nonsecure items. Do you
    > > want to display the nonsecure items?"
    > >
    > > And no particular preferences in IE take this away. ENABLE MIXED
    > > CONTENT and WARN IF CHANGING ... are both set correctly, yet we still
    > > get the popup. I can only think that this xsl file is causing us
    > > trouble.
    > >
    > > Now, before looking at this problem - I believed that namespace uri
    > > strings were simply that, unique identifiers. Not necessarily valid
    > > internet URLs. Since transforms work without a connection to the
    > > internet, it seems to make sense. Yet, as soon as I put
    > > https:///www.w3.org/1999/XSL/Transform into this header, I get the
    > > infamous "javax.xml.transform.TransformerException: stylesheet
    > > requires attribute: version".
    > >
    > > Can someone explain to me why the URI needs to be exactly
    > > http://www.w3.org/1999/XSL/Transform and is there any way around this?
    > > I'd like to get everything within the https environment, to use https
    > > - as I'd like to get rid of that popup.

    >
    > I am pretty sure the warning IE gives has nothing to do with the
    > namespace URIs. Your XSLT transformation is done on the server isn't it?
    > So IE doesn't even see the XSL stylesheet.
    > I don't know what kind of page you generate but maybe you have an
    > <iframe> in there pointing to a non https URL. That is when IE usually
    > gives the warning.
    > If you post a URL maybe we can find out what causes the warning but I
    > don't think the whole problem is related to XML thus asking in an IE
    > group might be a better way.


    There is no iframe, we just post to a servlet, feed the XSL into the
    FO engine, and then return the PDF contents to the browser. The
    browser prompts the user, and on saying OK, the PDF is downloaded and
    ADOBE opens.

    I agree with you, it's probably got nothing to do with the XSLT, but
    I'm not sure why IE feels the content is mixed.

    I will try an IE newsgroup.

    Thanks,

    -LutherB
    Luther Baker, Dec 9, 2003
    #5
