mhtml AND SSL

hdtvrocks · November 18, 2010, 10:47pm

Hi all,

I’m working on a IE only web application and was hoping to utilize mhtml and data: URI to minimize our http requests. However, during my testing I ran into an issue with mhtml over SSL. Even though the reference to the mhtml destination is via https, IE7 (I assume 6 too) throws a non-secure error. I’ve verified via httpwatch that IE7 is really retrieving the files via https(actually retrieved in cache). I’ve seen some comments in stoyan’s blog entry stating the same result. Does anyone know of a solution for this?

jesper_mortensen · January 3, 2011, 1:12am

From Stoyan’s blog, in the post by “Veronica” from “September 25th, 2010 at 2:06 pm”:

"http://www.microsoft.com/technet/security/Bulletin/MS07-034.mspx
MIME Type Detection in Windows Internet Explorer (Windows) | Microsoft Docs
http://support.microsoft.com/kb/825803/
http://support.microsoft.com/kb/330994/

Why must full URLs be used in CSS url(…)?
Internet Explorer processes the mhtml: prefix(protocol) internally before and after sending a GET for the content. What is sent to the server is a normal HTTP GET request for the base resource file, exluding the !(BAM) and the multipart-indicator suffix. For example, if you request mhtml:http://my.example.com/ie-fix.mht!image.png in any version of IE, the browser interprets the mhtml: protocol as a request for multipart/related content and strips the ‘!image.png’ part-reference before sending a GET for http://my.example.com/ie-fix.mht (or before reading the file from cache). Upon recieving a response, IE resumes processing of the mhtml: protocol and uses the previously stripped reference suffix to extract the specific multipart resource from the returned (or cached) file resource.

Why won’t this work with some versions of IE?
Because of several security concerns (see references) many versions of IE will not properly serve multipart/related content when it decides the content mime does not match the URI. Affected platforms are IE7 on Vista/Windows7 and IE6 on any platform after installation of security update MS03-014 (this is an Outlook Express update, but KB330994 explains that IE uses Outlook Express to render MHTML content). In KB825803, Microsoft suggests changing the file extension to “.mht” to solve this problem. The full solution is to make sure the URI and mime-type match, and that they both indicate “Content-Type: multipart/related”. This means that to insure success of the multipart/related stylesheet technique on all versions of Internet Explorer you need to do two simple things. Configure your webserver to serve your file resource as “Content-Type: multipart/related” and ensure that the URI points to a resource ending with “.mht”

The two simple things:
ALWAYS use the .mht extension for multipart-encoded (MHTML) stylesheets.
AND Configure your web daemon to serve this extension as “Content-Type: multipart/related”
In short, don’t lie to IE about the content of your stylesheet file resource."

Does this solve the issue?

Topic		Replies	Views
ie7 on vista doesnt support mhtml Optimization Discussions	4	154	August 5, 2010
New connection for CSS files Discuss Test Results	2	130	May 2, 2011
What results ? Discuss Test Results	1	122	January 31, 2011
cookies domains over more than 1 protocol Optimization Discussions	5	165	June 16, 2014
[split] PTST not appearing for HTTPs requests? Support	3	120	May 19, 2016

mhtml AND SSL

Related Topics