Hi,
What is the best way to make sure all assets(images etc.) are https://.... on all secure pages so that the ssl cert shows in browser address bar?
A:
Create a top most folder for your application and place all the components/assets within this folder. Make sure the topmost folder requires SSL.
Also from best practices point of view, something for discussion:
Do you really need SSL for your images? Unless there are some captcha images or other security requirements, consider not using SSL for images - it saves both n/w and server/client CPU.
Sesh
2009-07-13 10:39:49
If you want to send a page via SSL then you should also send the pictures via SSL or else many browsers will tell you of "unsecure content embedded in secure page".
Residuum
2009-07-13 10:46:21
That is correct. Will also agree that such messages can be confusing to the user. However in my experience, for regular websites (i.e. without special security needs) SSL over images is a overkill. On the client side the image will undergo both decompression (from jpeg and other format) and also decryption for SSL.
Sesh
2009-07-13 11:09:56
+1
A:
I use the following rewrite code in apache to redirect any non secure traffic to https://
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Shoan
2009-07-13 11:27:37