[solved] Can anybody catch my non-ssl loading file?

[kendo451]

I'm using the https feature in the new CMSMS version on the following page, as well as using cms_stylesheet with [[root_url]] tags in all the image links.

I'm failing the secure SSL connection because something on the page is loading from an http: url instead of https.  The problem is, I can't find it.  (When I hit CTRL-U it renders in non-secure mode for some reason.)

To see what I'm talking about, go here, add a product to the cart and click Checkout.

http://vasesrus.com/products.htm

The billing page is this (which you can't see unless you have something in your cart):
https://vasesrus.com/billing.htm

I've noticed that the main css file link is the same in secure and non-secure pages of the site.  This makes me wonder if the cached css page is correctly setting the https as the root url.

Any ideas?

[NaN]

It is in your stylesheets.
There "http://" for background images is used even if in SSL mode.
If you disable stylesheets in your browser and reload the page everything is fine.

[kendo451]

Interesting.

This means that the {cms_stylesheet} doesn't do the trick for SSL, because it isn't regenerating the stylesheet with [[root_url]] if the browser loads the stylesheet in http followed by https.

[kendo451]

I solved the problem by removing [[root_url]] from the stylesheets and just using URL paths relative to the root URL.

url(/uploads/images/foo.jpg);

Works fine in http and https.

[Dr.CSS]

Including IE browsers?...

[kendo451]

It works in IE7 & IE8, but not in IE6