We have a web site in the domain, let's name: http://website.com. It is necessary to implement same look-and-feel on another web site (https://custom.website.com)开发者_运维技巧. As we can see, the 2nd is in the sub-domain of the 1st one, but it is secured (it uses https).
To achieve same look-and-feel same DLLs are used in both web sites. These DLLs contain functionality for menus, JavaScripts, etc). But the 2nd web-site uses images and some css files from the 1st one. For example, in order to display "Logo.png" instead of usual "~/Images/Logo.png" the following path to file is rendered into HTML: "http://website.com/Images/Logo.png"
All stuff was done on the local environment, and work perfect (http://localhost/ referred to http://website.com).
BUT, when web-site was deployed to 'real' (development) environment we got surprise: IE notifies:
webpage contains content that will not be delivered using a secure HTTPS connection
I see option to resolve an issue: we could include images into secured web site and use them locally, but in this case we will need to do redeployment if something changed on the main web site.
Question: is there any workaround, how from secured web site we could use images that are located on the non-secured.
Thanks. Any thoughts are welcome.
P.S. I am using ASP.NET 3.5, web sites are hosted under Windows 2008
You need to host your images, CSS and scripts (more generally, whatever is loaded from the webpage) on your HTTPS site too to avoid mixed-content.
Depending on the level of security and isolation you could set up a shared virtual directory for the two websites that point to the same physical location.
Example, create a directory at C:\inetpub\shared-static
and create a virtual directory /static
under each website pointing to C:\inetpub\shared-static
. From there both websites can refer to the image like ~/static/logo.png
as necessary for shared content. When the directory has a new file (or replaced file) placed in it, both websites will refer to the same file.
If you can enable support of https on the main web site, you could use https for the image urls instead of http.
Alternative as others have suggested is to sync images / or used a shared location when serving them.
I see workaround:
on the 2nd web-site implement functionality that will check (once per day or per hour) if own images are the latest and update them when necessary...
That is a some work, but with such solution web site will be easier to support.
If you see a better option, please let me know.
Thanks.
精彩评论