I am using an ActionFilter (see below) to detect whether or not 1. the current controller/action requires SSL and 2. SSL is currently being used, and redirect accordingly. This works fine locally (using a dummy cert in IIS 7) but once I get it up on the server I get an error indicating an infinite redirect loop. Any ideas? public cla...
I've got a CKEditor WYSIWYG text and HTML editor control on an HTTPS/SSL web page. I just today enabled the SCAYT (spell check as you type) feature and now see a Security Warning when the page loads. It seems to be caused by these four files: http://svc.spellchecker.net/spellcheck31/lf/scayt/_base.xd.js http://svc.spellchecker.net/spe...
Hello I am having problems calling a web service using AJAX via HTTP when it's on an HTTPS page. Is this a cross-domain/protocol problem? Do I need to do the AJAX call in the same protocol as the page? Just wondering if it's the same problem as trying to do an HTTPS AJAX call when on an HTTP page, I suspect it is. Any advice appreci...
I am using CakePHP "HttpSocket" class to post information to a Paypal payments server. My code is working fine when the target URL is http://www.something.com, I can parse the response as I would like. However, when I am trying to post data to PayPals payment API URL (on HTTPS) I get no response whatsoever. I have tried the same code o...
My website is HTTPS and I use a redirect module to change any requests for a HTTP page into an HTTPS page. This works nicely using this... http://www.codeproject.com/KB/aspnet/WebPageSecurity.aspx However, the page also gets various script resources as part of the ASP.Net AJAX and Telerik controls e.g. http://www.mywebsite.co.uk/Scrip...
Hi, I know there is lots of topics regarding my question. I checked them all and tried them out but can't make it work. I need to rewrite http to https on some pages only. After visiting https pages the URL would go back to http. This is what I have so far: # Rewrite Rules for domain.com RewriteEngine On RewriteBase / #Rewrite www ...
Hello, I am using the Single Access Token from authlogic to sync data from a MS Access Database to a Rails App. Because I sort of think that the URL sort of exposes the single access token, I am uneasy about extended use. I have heard that if one uses basic http authentication, HTTPS is really important for security. Is my case similar? ...
Hi all, I'm considering to implement the classic 'remember-me' checkbox on my webapp to allow the authenticated user to be 'remembered' once he returns to visit my website. Gmail, Facebook and others have this kind of feature but I'm not too sure how secure it can be. A Java Framework like Spring Security uses an 'Hash-Based Token App...
My new ISP requires me to login for each session of internet usage. After a session gets timed out, it redirects to the provider website (https), where I have to enter the username and password. Since it logs out and terminates session I cannot schedule downloads during night. I was thinking of some way to automate this, probably write a...
I have a C# app that is sending soap requests over an https channel. Is there any way I can add tracing to just dump every request into a log file? I am getting an error, so im not sure if what I am sending is proper. ...
I login to a webpage using http:// I get redirected by javascript to https://. This opens a login page under https. After logging on successfully the next page is in http again. Why didn't the next page open with https as well. I am using JETTY as web server. ...
I have installed SSL on my server. My question is how can i forcehttps only on selected controllers/pages via the acegi plugin. Acegi plugin supports a property forcehttps, which when set to true makes all the pages secured once the user logs in. I want to change this behaviour where once the users log off, they should be redirected to ...
Our application is run over HTTPS which rarely presents any problems for us. When it comes to youtube however, the fact that they do not present any content over SSL connections is giving us some head ache when trying to embed clips. Mostly because of Internet Explorers famous little warning message: "Do you want to view only the web...
I have a windows service which exposes an endpoint over http. Again this is a windows service (not a web service hosted in iis). I then call methods from this endpoint, using javascript/ajax. Everything works perfectly, and this the code I'm using in my windows service to create the endpoint: //Create host object WebS...
I am not sure if this fits better on StackOverflow, but here goes: I want to programmatically log on to: http://wrds-web.wharton.upenn.edu/wrds/index.cfm?true I tried capturing the log on url using fiddler2 and HttpFox, but to no avail. Is this a server side script that I cannot capture? If so how can I do the log on? ...
I have a production environment which require access through a proxy server. Occasionally said server returns blank responses badly confusing the Metro web service library causing all kinds of interesting RuntimeExceptions. I believe the proxy is Squid. In order to handle these better, I would like to set up a similar scenario here wi...
I'm running selenium-rc 1.0.3 on a Mac OS X & Windows 7 and both seem to be giving my the annoying accept cert error in firefox. In reading the docs they say I should be able to just use the *firefox run mode and rc should take care of it for me via a proxy or something, but this appears to not work. The only solution that I was able to ...
Hi, I'm new here and on python too, and i need a code to login an HTTPS webpage the page is: ritaj.birzeit.edu and how can i know if its correct username or password , can you help in this :) ...
RewriteCond %{HTTP_HOST} !^www.example.co.uk$ [NC] RewriteRule ^(.*)$ https://www.example.co.uk/$1 [R=301,QSA,L] thats for the www, but I cannot figure out in a one-pass way how to force the https too? ...
Hello, Sending username and password as plaintext, but trough HTTPS; then on server hash(salt+password) and compare that with the hash in the DB. (salt is per-user) Doin' it right? :) Cheers PS: I'm using Ruby/Sinatra, gonna serve via lighttpd, I think. ...