We've got a secure (delivered via HTTPS) Flex app that has been using RSLs for years. Just today, I noticed that Chrome was showing a "mixed content" warning for our app.
We're not getting this same warning in IE or Firefox. I poured over the requests in Chrome's developer tools, and there were only two HTTP requests:
These both appear related to the Adobe hosted Flex RSLs.
I changed my compilation options to merge libraries into code (no RSLs). As soon as I did this, the mixed content warning in Chrome went away (and so did these two HTTP requests). Switch back to RSLs, and the mixed content warning comes back (along with the two HTTP requests).
Turning off RSLs makes my app quite a bit fatter--over 600kb fatter. That's a lot. I want to use RSLs, like we've been doing in the past! How can this be fixed?
Chrome Version: 22.0.1229.94 m
Flash Player Version: 126.96.36.199
OS Version: Windows 7, 64 bit
Complete User-Agent string:
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4
After looking through the Build->Properties->Flex Build Path->Library Path settings, I found that the RSLs each have a "Deployment Path/URL" and "Policy file URL" value. For instance, for the text layout RSL, we've got:
Deployment Path/URL: http://fpdownload.adobe.com/pub/swz/tlf/188.8.131.525/textLayout_184.108.40.2065.swz
Policy file URL: http://fpdownload.adobe.com/pub/swz/crossdomain.xml
I went through each of the RSLs and changed both deployment and policy URLs to use HTTPS.
Once I did this, the mixed content warning in Chrome stopped showing up.
But I'm still at a loss as to why this started happening in the first place. As I indicated in my original post, we've had this app running for years and this is the first we've noticed a mixed content warning in any browser. What's going on?