[X4U] OT - Secure Web Page Validation Problem

[Eugene]

On Sat, Dec 17, 2005 at 10:17:05PM CST, Milton van der Veen <miltonlist at hurontel.on.ca> wrote:
: 
: I look after a web site for Sleeping Children Around the World. We  
: use PayPal for credit card donations and had to set up a sequence of  
: secure pages on our web site to handle that. We use our ISPs secure  
: server to save money.
: 
: But I keep getting people using Firefox browser who tell me they're  
: getting the HTML code in their browser instead of the rendered page.
: <https://host.zerowebhosting.com/scaw/secure/index.shtml>
:
[...]
:
: I've checked with my ISP and they assure me that their server is set  
: up correctly. They also tell me that the page is coded correctly. But  
: I still get regular complaints ... especially now as the giving  
: season is here.

Your ISP is run by morons.  Their web server is set up incorrectly.
When a browser goes to your URL, it gets the following response headers:

> Date: Sun, 18 Dec 2005 21:29:45 GMT
> Server: Apache/1.3.33 (Unix)
> PHP/4.3.10 Rewrit/1.1a mod_ssl/2.8.22 OpenSSL/0.9.7e
> Last-Modified: Sun, 18 Dec 2005 06:23:54 GMT
> Etag: "21b013-3e8a-43a5007a"
> Accept-Ranges: bytes
> Content-Length: 16010
> Content-Type: text/plain
>
> 200 OK

The "Content-Type" header is set to "text/plain".  This means that the
web server is telling your web browser that the following page is a
plain text page.  If it was set up correctly, it would report an HTML
page with a Content-Type of "text/html".

So why is Firefox having problems?  It's not.  It's operating in a
strict mode that tightly adheres to web standards.  Other browsers may
be more fault-tolerant.  They accept the Content-Type as plain text, but
upon receiving the page they inspect the page contents.  If the deep
inspection reveals that the page is actually an HTML document, browsers
internally mark the Content-Type as "text/html" and process it as an
HTML document instead of a plain text page.


-- 
Eugene
http://www.coxar.pwp.blueyonder.co.uk/