Dynamic images served over HTTPS display broken image in word when opening an HTTP document
We have an application that produces HTML documents which the user opens in word from the web server, so they open:
https://ourserver/ourapp/somepath/generateddocument.htm
That document contains image links like:
<img src="https://ourserver/ourapp/resources/image.jpg">
and
<img src="https://ourserver/ourapp/imagegenerator.aspx?some=querystring">
The first display, the second displays the classic broken image icon.
When opening in Internet Explorer, both render.
When tracing with Fiddler, both images are correctly returned.
Changing the second example to:
<img src="http://ourserver/ourapp/imagegenerator.aspx?some=querystring">
It displays.
However, in SOME word installs in the office both display.
What settings where should we be looking to understand why the latest word 2003 hotfixed word install on an up to date patched windows 7 install should be different between my machine and a colleague for the display of these items?
The problem here is the way IE caches SSL content or not.
If you enable the IE option "Do Not Cache Encrypted Pages to Disk" then the problem goes away.
You can also fix programatically in your image generation page by NOT sending a Cache-Control header.
The issue is that the way IE works with SSL served pages is to create a 0byte file on disk as a pointer to the volatile memory where the actual image is stored. So IE creates the file on disk, when it fetches the image. But the memory and file are presumably torn down when the IE instance word has used to retrieve the HTML and linked assets has completed.
So when the word rendering engine then tries to display the content, it's gone.
If you don't set a Cache-Control directive, OR You set the IE option, then this is not a problem.