Search code examples
htmliisiis-7httpsapplication-cache

Files don't respond to application cache updates over https, but do for http

We have a webapp that is configured to use an html cache manifest to cache all our files and work offline. Our app runs primarly through Google Chrome.

Until recently we haven't needed to run over https, and everything performed as expected over http. However, it's caching all the images over https (and possibly other files, but the images are the important bit), and REFUSES to let go of them.

Our release process is as follows:

  1. Release the newer image files to the proper location on the server (the IIS inetpub/wwwroot/.../images folder)
  2. Update the commented version number at the end of the cache manifest to force an update
  3. The webapp will auto-update on the next refresh (which it does)

What we would expect to happen is that the new image would start appearing immediately, but it does not. Even if visited directly through https://CLIENTDOMAIN/relpath/image.png, the image loads as the originally cached image. If the image is loaded through http at the same path, it properly displays the new image!

If the image is loaded through https on a browser that has never loaded it, (say firefox or opera), the incorrect, old cached image will STILL appear on https, but will appear as the new image over http. Restarting IIS does not have any effect, neither does deleting all the specific website data through the chrome settings (Settings->Advanced Settings->Content Settings->All Cookies and Site Data->Specific Domain)

Now, I'm suspecting that the issue lies somewhere within the depths of IIS, so here are the IIS settings we're using, we make all our changes though the IIS GUI:

IIS Settings

Our webapp runs off Default Website

Output Caching: disabled completely
Bindings: *:80 and *:443
SSL Settings: Not Required, ignore client certs
Everything else is likely standard.

Cache manifest: I've replaced the domain with CLIENTDOMAIN and our software name with OURBRAND or BRAND for the short version, just to be safe.

CACHE MANIFEST

#html
index.html
BRAND.html
#favicon.ico

#images
https://CLIENTDOMAIN/images/accept.png
https://CLIENTDOMAIN/images/add.png
https://CLIENTDOMAIN/images/watermark.png
https://CLIENTDOMAIN/images/BRAND_Icon_Round32x32.png
https://CLIENTDOMAIN/images/BRAND_Icon_Square57x57.png
https://CLIENTDOMAIN/images/break.png
https://CLIENTDOMAIN/images/calendar.png
https://CLIENTDOMAIN/images/clock.png
https://CLIENTDOMAIN/images/clock1.png
https://CLIENTDOMAIN/images/delete.png
https://CLIENTDOMAIN/images/display.png
https://CLIENTDOMAIN/images/downArrow.png
https://CLIENTDOMAIN/images/editgroup.png
https://CLIENTDOMAIN/images/filter.png
https://CLIENTDOMAIN/images/group.png
https://CLIENTDOMAIN/images/graph.png
https://CLIENTDOMAIN/images/hours.png
https://CLIENTDOMAIN/images/information.png
https://CLIENTDOMAIN/images/left.png
https://CLIENTDOMAIN/images/lock.png
https://CLIENTDOMAIN/images/loginInformation.png
https://CLIENTDOMAIN/images/minus.png
https://CLIENTDOMAIN/images/more.png
https://CLIENTDOMAIN/images/notes.png
https://CLIENTDOMAIN/images/notes1.png
https://CLIENTDOMAIN/images/person.png
https://CLIENTDOMAIN/images/person1.png
https://CLIENTDOMAIN/images/plus.png
https://CLIENTDOMAIN/images/Remove.png
https://CLIENTDOMAIN/images/right.png
https://CLIENTDOMAIN/images/search.png
https://CLIENTDOMAIN/images/text.png
https://CLIENTDOMAIN/images/time.png
https://CLIENTDOMAIN/images/timesheet.png
https://CLIENTDOMAIN/images/upArrow.png
https://CLIENTDOMAIN/images/user.png
https://CLIENTDOMAIN/images/usercheckSelected.png
https://CLIENTDOMAIN/images/weekly.png
https://CLIENTDOMAIN/images/daily.png
https://CLIENTDOMAIN/images/weekly1.png
https://CLIENTDOMAIN/images/daily1.png
https://CLIENTDOMAIN/images/checkOut.png
https://CLIENTDOMAIN/images/checkIn.png
https://CLIENTDOMAIN/images/check.png
https://CLIENTDOMAIN/images/telephone.png
https://CLIENTDOMAIN/images/ajax-loader.gif
https://CLIENTDOMAIN/images/expandArrow.png
https://CLIENTDOMAIN/images/collapseArrow.png
https://CLIENTDOMAIN/images/sign.png
https://CLIENTDOMAIN/images/signedIcon.png
https://CLIENTDOMAIN/images/unsign.png
https://CLIENTDOMAIN/images/addsign.png
https://CLIENTDOMAIN/images/sideArrow.png
https://CLIENTDOMAIN/images/downArrow.png
https://CLIENTDOMAIN/images/sideArrow2.png
https://CLIENTDOMAIN/images/qty.png
https://CLIENTDOMAIN/images/qty1.png
https://CLIENTDOMAIN/images/extra.png
https://CLIENTDOMAIN/images/extra1.png
https://CLIENTDOMAIN/images/noHours.png
https://CLIENTDOMAIN/images/sigCheckYes.png
https://CLIENTDOMAIN/images/sigCheckNo.png
https://CLIENTDOMAIN/images/userSigYes.png
https://CLIENTDOMAIN/images/userSigNo.png
https://CLIENTDOMAIN/images/bothSigYes.png
https://CLIENTDOMAIN/images/empSigYes.png
https://CLIENTDOMAIN/images/empSigNo.png
https://CLIENTDOMAIN/images/deleteArrow.png
https://CLIENTDOMAIN/images/target.png
https://CLIENTDOMAIN/images/graph1.png
https://CLIENTDOMAIN/images/transferHours.png
https://CLIENTDOMAIN/images/percentCalc.png
https://CLIENTDOMAIN/images/defaults.png
https://CLIENTDOMAIN/images/workOrder.png
https://CLIENTDOMAIN/images/workOrder1.png
https://CLIENTDOMAIN/images/footerRight.png
https://CLIENTDOMAIN/images/footerLeft.png
https://CLIENTDOMAIN/images/equipCheck.png
https://CLIENTDOMAIN/images/equipCheck1.png
https://CLIENTDOMAIN/images/activeTab.png
https://CLIENTDOMAIN/images/inactiveTab.png
https://CLIENTDOMAIN/images/prefs.png
https://CLIENTDOMAIN/images/ServiceDetail.png
https://CLIENTDOMAIN/images/Rehab.png
https://CLIENTDOMAIN/images/detailReportClient.png
https://CLIENTDOMAIN/images/detailReportDate.png
https://CLIENTDOMAIN/images/detailReportTime.png
https://CLIENTDOMAIN/images/memoUp.png
https://CLIENTDOMAIN/images/memoDown.png
https://CLIENTDOMAIN/images/rehabUp.png
https://CLIENTDOMAIN/images/rehabDown.png
#Branding Images
images/AppIcon.png
images/AppIconTransparent.png

https://CLIENTDOMAIN/js/jQuery/images/ajax-loader.png
https://CLIENTDOMAIN/js/jQuery/images/form-check-off.png
https://CLIENTDOMAIN/js/jQuery/images/form-check-on.png
https://CLIENTDOMAIN/js/jQuery/images/form-radio-off.png
https://CLIENTDOMAIN/js/jQuery/images/form-radio-on.png
https://CLIENTDOMAIN/js/jQuery/images/icons-18-white.png
https://CLIENTDOMAIN/js/jQuery/images/icons-36-white.png
https://CLIENTDOMAIN/js/jQuery/images/icon-search-black.png

#javascript
#https://CLIENTDOMAIN/js/ALDB/ALDB-min.js 
https://CLIENTDOMAIN/js/ALDB/ALDB.js 
https://CLIENTDOMAIN/js/ALDB/wsproxy.js
config.js

https://CLIENTDOMAIN/js/jQuery/jquery.mobile-1.0.min.js
https://CLIENTDOMAIN/js/jQuery/jquery-1.7.1.min.js

https://CLIENTDOMAIN/js/utilities/mdetect.js
https://CLIENTDOMAIN/js/utilities/jquery.crypt.js
https://CLIENTDOMAIN/js/utilities/jquery.xml2json.pack.js

https://CLIENTDOMAIN/js/simpleWeather/jquery.simpleWeather.js
https://CLIENTDOMAIN/js/exif.js

# UNCOMMENT NEXT FOUR LINES TO RELEASE
https://CLIENTDOMAIN/js/ALUI/UXCore.js
https://CLIENTDOMAIN/js/ALUI/UXTime.js
https://CLIENTDOMAIN/js/ALUI/UXProd.js
https://CLIENTDOMAIN/js/ALUI/UXMed.js

https://CLIENTDOMAIN/js/sigpad/jquery.signaturepad.min.js
https://CLIENTDOMAIN/js/sigpad/json2.min.js
https://CLIENTDOMAIN/js/sigpad/excanvas-r3.min.js
https://CLIENTDOMAIN/js/sigpad/excanvas-r71.min.js

https://CLIENTDOMAIN/js/iscroll/src/iscroll.js
https://CLIENTDOMAIN/js/iscroll/add2home.js

https://CLIENTDOMAIN/js/jQuery/jQuery.ui.datepicker.js
https://CLIENTDOMAIN/js/jQuery/jquery.ui.datepicker.mobile.js

#css
# UNCOMMENT NEXT LINE TO RELEASE
https://CLIENTDOMAIN/css/ALUX.css
https://CLIENTDOMAIN/css/add2home.css
#https://CLIENTDOMAIN/js/jQuery/jquery.mobile-1.0a4.1.min.css
https://CLIENTDOMAIN/js/jQuery/jquery.mobile-1.0.min.css

https://CLIENTDOMAIN/js/sigpad/jquery.signaturepad.css

https://CLIENTDOMAIN/js/jQuery/jquery.mobile.datepicker.css

NETWORK:
https://CLIENTDOMAIN:443/OURBRAND/WebSyncProvider.asmx
cache.manifest
http://maps.gstatic.com/
http://csi.gstatic.com/
http://maps.google.com/
http://maps.googleapis.com/
http://query.yahooapis.com/
http://l.yimg.com/
# COMMENT NEXT LINE TO RELEASE
#*
#v635421628124296068

HTML loading the cache manifest, and all webapp headers:

<html lang="en" manifest="cache.manifest">
    <head>
        <title>BRAND</title>
        <!-- Enable the homescreen app on mobile devices -->
        <meta name="apple-mobile-web-app-capable" content="yes" />
        <meta name="mobile-web-app-capable" content="yes" />

        <!-- Enable the App Icon -->
        <link rel="icon" type="image/png" sizes="196x196" href="images/AppIcon.png">
        <link rel="apple-touch-icon" href="images/AppIcon.png">
        <link rel="apple-touch-startup-image" href="https://CLIENTDOMAIN/OURBRAND/images/iPhoneStartup.png">

        <meta name="apple-mobile-web-app-status-bar-style" content="black" />
        <meta name="viewport" content="width=device-width" />
        <meta name="viewport" content="initial-scale=1.0, minimum-scale=1.0, maximum-scale=1.0, user-scalable=no, height=device-height, width=device-width" />

        <meta http-equiv="content-language" content="en">

        ...

I'm at a loss, and the application cache is hard enough to debug as is, without all these weird problems. Please let me know if I can provide more information to help someone point me in the right direction!

Solution

  • When defining the resource paths in your manifest for https, use only relative paths in order to respect the same origin policy:

    "Over SSL, all resources in the manifest must respect the same-origin policy. That is, all paths must be relative, or point to resources on the same host and port as the current page.

    The exception is Google Chrome, which doesn't follow the specification in this regard. Over SSL, Chrome will load resources from different origins so long as they are still served over SSL."

    Also, make sure your certificates are valid.

    http://appcache.offline.technology/