Enabling Spring Security header causing slow page load in IE11 - spring

I have enabled the Spring Security header.
But in IE11 the page loads very slowly.
First a full white screen appears for 1-2 sec, then the page is loaded.
My code is like this:
<security:headers disabled="false">
    <security:content-security-policy policy-directives="script-src 'self' 'unsafe-inline' 'unsafe-eval'" />
    <security:cache-control disabled="true"/>
</security:headers>
In Firefox it's working fine but in IE11 it's loading slowly.
Also, I checked and the headers added to the response in IE11 are different. One extra tag, i.e. ETag, is added in IE11, but in Firefox it's not added.
What could be the reason for slowness?

Related

Images not shown on IE11

I'm using Symfony2 and the liip/imagine-bundle; however, the images are not displayed on IE11 and it just shows an X placeholder. Other browsers are fine. Has anyone encountered this?
UPDATE
It seems that IE11 fails to get the content-type of the image source. Basically I'm using an image source without the extension, e.g. <img src="/myimage" />. This is fine with other browsers; however, IE11 doesn't seem to recognise the file type.
So what I did was to remove the no-sniff directive
<IfModule mod_headers.c>
#Header set X-Content-Type-Options: nosniff
</IfModule>
It seems that IE11 fails to get the correct content type of the image when no-sniff is turned on.
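
An alternative to dropping the header, as an added example that is not part of the original post: assuming the cause is a missing or wrong Content-Type on the extension-less URL, the server can derive the type from the file's magic bytes and keep `X-Content-Type-Options: nosniff` enabled. The function names and the set of supported image types are assumptions.

```python
# Added example: choose Content-Type from magic bytes so nosniff can stay on.
# The signature list is an assumed set of image types served by the site.
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
]


def image_content_type(head: bytes):
    """Return the MIME type for the first bytes of a file, or None if unknown."""
    for magic, mime in SIGNATURES:
        if head.startswith(magic):
            return mime
    # WebP is a RIFF container: "RIFF", 4-byte length, then the "WEBP" tag.
    if head[:4] == b"RIFF" and head[8:12] == b"WEBP":
        return "image/webp"
    return None


def response_headers(body: bytes):
    """Build headers for an extension-less image URL such as /myimage."""
    headers = {"X-Content-Type-Options": "nosniff"}
    mime = image_content_type(body[:16])
    if mime is None:
        # Refuse to guess: unknown bytes are offered as a download, never
        # as an image or as HTML that the browser might render.
        headers["Content-Type"] = "application/octet-stream"
        headers["Content-Disposition"] = "attachment"
    else:
        headers["Content-Type"] = mime
    return headers


if __name__ == "__main__":
    # Constructed sample inputs: a PNG header and an HTML upload posing as an image.
    print(response_headers(b"\x89PNG\r\n\x1a\n" + b"\x00" * 8))
    print(response_headers(b"<html><script>alert(1)</script>"))
```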

Calling https version of TYPO3: content (css, js, ..) is blocked because link to http version

In Chrome I get the following error messages in the console
[blocked] The page at https://domain.com/home.html ran insecure
content from
http://domain.com/typo3temp/stylesheet_09c1ef800c.css?1345207892.
if I call https://domain.com. The user gets a page without stylesheets and images. What can I do against this?
The files are included like <script type="text/javascript" src="js/lib/jquery-1.5.1.min.js"></script> but I don't want to define the domain.
Should I completely switch to https by setting the base URL with https? Which other possibilities do I have?
I used
config {
    baseURL = https://domain.com
}
and adapted all links which had a http in the beginning (otherwise the slider stopped working because Chrome didn't load the other resources ...). Seems to work now.
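
A way to find the remaining http references before a browser blocks them, as an added example that is not part of the original post: it resolves every subresource URL against the page URL or its `<base href>` and reports those that end up on plain http. The sample markup, including the assumption that the page carries a `<base href>` with the http origin, is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute whose URL the browser fetches as a subresource.
FETCH_ATTR = {"script": "src", "img": "src", "iframe": "src", "embed": "src",
              "audio": "src", "video": "src", "source": "src", "link": "href"}
# <link> only loads a resource for these rel values (canonical etc. do not).
FETCHING_RELS = {"stylesheet", "icon", "preload"}

# Constructed sample page, modelled on the URLs quoted in the question.
SAMPLE_HTML = """<html><head>
<base href="http://domain.com/">
<link rel="stylesheet" href="typo3temp/stylesheet_09c1ef800c.css?1345207892">
<link rel="canonical" href="http://domain.com/home.html">
<script type="text/javascript" src="js/lib/jquery-1.5.1.min.js"></script>
</head><body>
<img src="https://domain.com/logo.png"><a href="http://domain.com/x">x</a>
</body></html>"""


class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.base = page_url   # replaced when the page declares <base href>
        self.findings = []     # (tag, resolved URL) fetched over http

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href"):
            self.base = urljoin(self.base, attrs["href"])
            return
        if tag == "link":
            rels = set((attrs.get("rel") or "").lower().split())
            if not rels & FETCHING_RELS:
                return
        value = attrs.get(FETCH_ATTR.get(tag, ""))
        if not value:
            return
        resolved = urljoin(self.base, value)
        if urlsplit(resolved).scheme == "http":
            self.findings.append((tag, resolved))


def find_mixed_content(page_url, html):
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings
```

Relative links such as `js/lib/jquery-1.5.1.min.js` are reported only because the base points at http; with an https base the same markup comes back clean.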

some IE9 turn into Compatibility View on Ajax request

I have a web application that uses ajax with prototype.js (Ajax.Updater).
new Ajax.Updater('someID', '/some/url',
    {
        asynchronous: true,
        evalScripts: true,
        parameters: Form.serialize(Event.element(event).form),
        requestHeaders: ['X-Update', 'someID']
    }
);
Some (not all) IE9 users experience a strange phenomenon.
UserAgent of normal (non-ajax) HTTP requests indicates that the browser is IE9, not in Compatibility View.
UserAgent of ajax HTTP requests indicates that the browser is IE7 (IE9's Compatibility View).
I want to force the browser not to use Compatibility View in ajax HTTP requests, but the html already has a meta tag : <meta http-equiv="X-UA-Compatible" content="IE=edge">.
Does anyone know the reason or workaround?
This is a possible solution - but not fully researched - try setting
Header set X-UA-Compatible "IE=edge"
in your httpd.conf or .htaccess file - this will add the X-UA-Compatible header to all responses from Apache to force IE not to use Compatibility Mode

Loading Google Chrome Frame in current tab after install

I'm prompting users of IE to install the Chrome Frame add-on. If the user is on IE and doesn't have Chrome Frame installed, they are redirected (server side) to a page with a custom message and the install page in an IFrame:
http://www.google.com/chromeframe/?quickenable=true
After install has completed, Chrome Frame is not loaded in the current tab. Is there a way to force it to be? I've tried including redirect=True but that doesn't work because I have the page in a frame.
You make your pages work with Google Chrome Frame by adding a single tag, like this:
<meta http-equiv="X-UA-Compatible" content="chrome=1">
or by adding an X-UA-Compatible HTTP response header:
X-UA-Compatible: chrome=1
Add the meta tag to the html file which you are loading in the frame and it should initialize the chromeframe.

GWT with Spring Security Caching Issue on GWT Page

I find this kind of odd I haven't been able to find any information on someone with a similar issue. Anyway, I've integrated Spring Security with GWT, and it appears to work correctly...for the most part. I'm having a caching issue with the main html page in IE and Chrome.
I've separated out Spring Security login to a login.jsp that redirects to my Application.html page (the GWT page), and when I first start the app and access the page, it appears to be working fine in all browsers. I get directed to the login page, because I'm not authenticated.
The issue is that in Chrome or IE, if I close the browser after a successful login, and directly browse back to that Application.html URL, it still renders as if I'm authenticated. I look in my console, and the log statements for Spring Security verify I am not authenticated. The moment I hit F5 to refresh the page, I get directed back to the login.jsp URL.
I'm led to believe this is some caching issue because when I close the browser and reopen to the html page, even though it renders like I'm logged in, the console log statements say I'm not, and if I run in debug mode, the OnModuleLoad() in Application.java never gets hit.
Finally, this appears to work properly in Firefox... If anyone has seen this issue or has any advice on where I need to look to fix it, I would greatly appreciate the assistance.
I've encountered similar problems with a web app that I've been working on. I attempted to prevent the browser from caching the page by adding these tags to the page:
<meta http-equiv="Cache-Control" content="no-cache">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="0">
Unfortunately, this wasn't enough to prevent caching for all browsers. I finally ended up converting the page to a JSP page and adding these statements to the top:
<%
response.setHeader("Cache-Control", "no-cache");
response.setHeader("Pragma", "no-cache");
response.setDateHeader("Expires", 0);
%>
I haven't been able to reproduce the problem in Firefox, Chrome or Safari since I made the change. I haven't tested the page with Internet Explorer yet.
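
A check for response headers like the ones set in the JSP above, as an added example that is not part of the original answer: it parses `Cache-Control` and reports whether a page behind a login may still be stored or reused without asking the server. The function names and sample header sets are constructed.

```python
def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"')
    return directives


def audit_authenticated_page(headers):
    """Return findings for a response that must not be shown from cache."""
    h = {k.lower(): v for k, v in headers.items()}
    if "cache-control" not in h:
        return ["no Cache-Control: the browser may apply heuristic caching"]
    cc = parse_cache_control(h["cache-control"])
    findings = []
    if "no-store" not in cc:
        # no-cache forces revalidation but still allows a stored copy.
        findings.append("no 'no-store': a copy of the page may be kept by the cache")
    revalidates = "no-cache" in cc or "no-store" in cc or cc.get("max-age") == "0"
    if not revalidates:
        findings.append("reusable without revalidation: add 'no-cache' or 'no-store'")
    if "public" in cc:
        findings.append("'public': shared caches may store the page")
    return findings


# Constructed samples: the headers produced by the JSP above, and a stricter set.
JSP_HEADERS = {
    "Cache-Control": "no-cache",
    "Pragma": "no-cache",
    "Expires": "Thu, 01 Jan 1970 00:00:00 GMT",
}
STRICT_HEADERS = {"Cache-Control": "no-cache, no-store, max-age=0, must-revalidate"}

if __name__ == "__main__":
    for name, hdrs in [("jsp", JSP_HEADERS), ("strict", STRICT_HEADERS), ("none", {})]:
        print(name, audit_authenticated_page(hdrs))
```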
