Okay....I posted here yesterday about some SSL problems I was having and got some very helpful responses
Got another one
I've got a form that is an Oracle Reports request that now posts to reports.pl
reports.pl determines whether or not the request is valid, and then points to one of two places
essentially:
if (invalid)
{ burp; }
else
{ print report; }
the 'print report;' statement is a very straightforward
my $req = HTTP::Request->new(GET => $good_url);
if ($rep_format eq 'HTML')
{ $req->header('Accept' => 'text/html');}
if ($rep_format eq 'PDF')
{ $req->header('Accept' => 'application/pdf');}
if ($rep_format eq 'DELIMITED')
{ $req->header('Accept' => 'text/plain');}
# send request
my $res = $ua->request($req);
if ($res->is_success)
{ print "Content-type: ".$res->header('Content-type')."\n\n".$res->
+content; }
else
{ print "Error: " . $res->status_line . "\n"; }
The catch: this is all on a secure server (I work in healthcare - security is high on priority totem-pole)
When I manually print the content-type headers, the user gets a "This page includes both secure and non-secure items..." - doesn't matter if they pick yes or no, the PDF comes up just fine
When I don't manually print the content-type headers, I get a 500, and the error log says that the content-type headers are invalid - basically, the first line of the PDF (%PDF-1.1) isn't a recognized content-type
printing the content-type headers or not doesn't affect the HTML version of the report at all - it comes up just fine with no warning
How should I include the content type headers so that it'll bring up the PDF without warning the user (and, incidentally, giving them the opportunity to violate the security of their web session)? Everything else is working perfectly, this is the last step/barrier...