"Steve" <Steve@d...> wrote in message 
news:ADC98401-8A9F-419E-844D-57F4EDC429FB@m......
> Comments at the bottom of this message:
>
> "Joe Fawcett" wrote:
>
>> "Steve" <Steve@d...> wrote in message
>> news:3A15C5CE-0CB3-466C-A571-54A815B4FE69@m......
>> > Hi,
>> >
>> > I'm using browser-based XSL transformations, obtaining XML files that
>> > specify the corresponding XSL stylesheet to use, all via HTTPS from a 
>> > Java
>> > App Server (Tomcat 5.5.20 to be precise).  One of the XSL stylesheets 
>> > uses
>> > the XPath document() function to return an XML document.  The href
>> > attribute
>> > associated with the document() function references a servlet on the 
>> > Java
>> > App
>> > Server that dynamically creates the required XML and returns it.  This
>> > works
>> > fine when the servlet is accessed via HTTP, but fails in IE (6 and 7) 
>> > when
>> > the servlet is accessed via HTTPS.  Firefox has no such problems.
>> >
>> > I look at the server logs, and the HTTP(S) request initiated by 
>> > document()
>> > is being received by the server and XML content returned.  However, IE
>> > displays the following web page:
>> >
>> > The XML page cannot be displayed
>> >
>> > Cannot view XML input using XSL style sheet. Please correct the error 
>> > and
>> > then click the Refresh button, or try again later.
>> > --------------------------------------------------------------------------------
>> >
>> > The download of the specified resource has failed.
>> >
>> > Is there some configuration setting in IE that is preventing this from
>> > working?  Is there something I need to do to get this going or is this 
>> > a
>> > known bug?
>> >
>> > Many thanks,
>> > -Steve
>> >
>> IE is stricter on security than Firefox in this matter and treats this as 
>> a
>> cross domain request as you're using a different protocol. You can 
>> sometimes
>> fix this by changing cross domain settings in IE, there are a number of
>> different sections in the zone security panels.
>> You could also try the approach of accessing the main XSLT via https.
>
> But I'm not using different protocols (i.e., HTTP vs. HTTPS)!   The entire
> web application is accessed via HTTPS, not just the XML returned by this 
> one
> particular document() function call.  In other words, the XML document 
> that
> contains the initial stylesheet reference is accessed via HTTPS.  Thus, I
> assume that the referenced stylesheet must be fetched via HTTPS as well,
> since how else could it be returned to IE (i.e., there is no HTTP path
> available to fetch the stylesheet).  This stylesheet then makes a 
> document()
> function call back to the same server / same web app to return some
> dynamically created XML.  This must also be happening via HTTPS, since 
> once
> again, there is no HTTP path available.
>
> Thus, I don't understand your reference to a cross domain request since 
> only
> HTTPS requests are being made and they're all going to the same web
> application on the same server.  Anyway, I don't think I can ask my user
> community to change IE security settings to have the application work
> properly.  Unless there are other ideas, it looks like I'm going to have 
> to
> change to server-side transformations or tell folks that IE is not 
> supported
> (ya right :-).
>
> Thanks,
> -Steve
Sorry I misunderstood. The only thing I can think of is something related to 
the certificate on the server. Can you type the URL into the browser and 
retrieve the file?
Is there an warning related to the certificate.

Hope this helps, it's difficult to track these down when I can't test it for 
myself with something like Fiddler to watch the traffic.

-- 

Joe Fawcett (MVP - XML)
http://joe.fawcett.name