Friday, August 3, 2012

IE9, HTTPS, "Do not save encrypted pages to disk" option and odd behavior

This option is turned off by default. While I was troubleshooting SSL issues the check box was accidentally turned off and it took several days to find out why we had a bug in a web application reproducible at a single machine.

Web application used ActiveX component to load XSL and render a part of a page. Due to some reasons the part was not rendered properly. Investigations with network monitor showed that there're several requests aborted due to unknown reasons (response status was 200 OK, no any mention on possible cause):

Restoring the option back to FALSE solved the issue. Although it's name doesn't seem to be suspicious browser behavior changes drastically:
1. Any plug-in/add-in running inside IE that uses IE API for network calls may use a special API setting requiring saving the response to disk (INTERNET_FLAG_NEED_FILE) which will be blocked by browser
2. File downloads from HTTPS source will be blocked

In our case ActiveX component which worked for ages was not getting requested data due to the above specifics of how requests are handled with the option turned on. IE 10 seems to have the issues fixed.

See more details in this blog post.