I have a website in which every page is served via HTTPS. On one of the pages I have a form whose action attribute is set to a relative URL.
The page with the form can only be accessed via HTTPS and the page the form posts to can only be hit via HTTPS, yet in IE I get a security warning telling me I'm about to switch to an insecure connection. Is there any way to prevent this problem beyond codding the full URL including the protocol into the form's action attribute?
Update:
I tried hardcoding the entire URL and still I get the pop-up.
The relevant code is:
<html>
<body>
<form action="https://mydomain.com/editProfile">
...
</form>
</body>
</html>
As soon as I click the submit button in IE6 I get a security alert pop-up. If I click ok, the result page is displayed and the protocol is still HTTPS. I'm starting to wonder if it is the form POST that's causing the issue.