1

Our Coldfusion webpage is served using https, but we sometimes get the dreaded error "Do you want to view only the webpage content that was delivered securely?" By using Httpwatch, I can see that it happens when the Coldfusion Missing Template Handler is called; the page missingtemplate.cfm is served using http. How can I configure it to always use https?

Jon Wilson
  • 726
  • 1
  • 8
  • 23
  • Are you sure it's CF doing this, and not your web server? – Peter Boughton Jun 26 '12 at 17:06
  • No, I am not sure. I don't know how it decides that. – Jon Wilson Jun 26 '12 at 17:17
  • What's the code you're using that forces people over to HTTPS (I assume you have something like that). Also, what is the output from the httpwatch? Is it possible that it's not the cfm page itself, but an asset on the page? If the page itself was non-secure, then you wouldn't get that error. If the page was secure, but an asset on the page was not, you would get that error. – Dan Short Jun 26 '12 at 17:29
  • Thanks, Dan, that comment may be leading me in the right direction. I think we need to configure Apache to always serve https. But to answer your question, what httpwatch tells me is that when the big complicated main page is called, sometimes a subpage somewhere is not available, and the missing template is called in it's place. The long term solution is to kill those bugs so that whatever it is is not called anymore, but meanwhile it would be nice to not have to deal with these errors. – Jon Wilson Jun 26 '12 at 17:40
  • 1
    When you say subpage, is this something that's called via AJAX? If you call a.cfm, and it cfincludes b.cfm, but b.cfm does not exist, then the missing template handler may be called, but that's not an AJAX request that should cause a non-secure error. *Unless* your missing template handler has an src or other resource identifier that starts with http://. That's why we'd need to see your httpwatch results to know exactly what's causing that non-secure error. – Dan Short Jun 26 '12 at 18:17
  • The files that are missing, that are being redirected to missingtemplate.cfm, are Coldfusion javascript files: /CFIDE/scripts/cfform.js and /CFIDE/scripts/masks.js. – Jon Wilson Jun 26 '12 at 18:40
  • It seems odd that the *ColdFusion* missing template handler is being called for missing JS assets. CF shouldn't have any part of that: it should be handled by the webserver. – Adam Cameron Jun 29 '12 at 07:10

1 Answers1

0

Given you say the missing files in this case are /CFIDE/scripts/cfform.js and /CFIDE/scripts/masks.js can you not work around the issue by establishing a /CFIDE/scripts virtual directory so that the web server doesn't think they're missing? If you don't want to be giving access to /CFIDE/scripts (which some people will rail against), then youc ould relocate them to your website dir and point CF at them with <cfajaximport>.

That said, this masks the issue, rather than solving it. However as per my comment against your question, I'm curious as to how CF is involved in a 404 situation with a non-CF file? It should be the web server dealing with that sort of thing, not CF. Is there some piece of the puzzle here you are not stating which would help explain this?

Adam Cameron
  • 29,677
  • 4
  • 37
  • 78