Redirect to a connection that is not secure

by @jehiah on 2005-05-16 17:36UTC
Filed under: All , HTML

Internet Explorer 6.0 service pack 1 introuduced a bug where in one specific case, the setting “Warn if changing between secure and not secure mode” under the Advance tab of Internet Options is ignored. This bug is kindly discussed in Mirosoft Knowledge Base article 883740 but this solution isn’t.

The dialog box to the right which states “You are about to be redirected to a connection that is not secure. The information you are transmitting to the site may be retransmitted to a nonsecure site…” happens in the following scenario:

http page -> (POST login info) https page -> redirect (302) to http -> Internet Explorer gives dalog box -> (GET w/o login info) http page

Simple solution, it doesn’t like the redirect, so do it in a different method

Instead of the 302 redirect, give a 400 responce, and a meta-refresh tag. <meta http-equiv="refresh" content="0;url=http://jehiah.com/">

I should probably mention that Firefox has no problems with this at all, and in fairness to Microsoft, they do provide a “solution” to the problem in their knowledge base : edit the registry. But hello!! this is the internet we are talking about, that just won’t work.

Subscribe via RSS ı Email
Jehiah Czebotar