locked
Http and Https Blob Files RRS feed

  • Question

  • Hi,

    We are trying to use static blob hosting for our CSS and JS files [sure everyone is]. However, we are facing a prob when it comes to HTTPS:// - it seems [please tell me I am wrong] that resources cant be requested from Blobs via https:// ? That is, we are required to also include static resources inside the package for HTTPS:// transfer and also in the blob for HTTP transfer ?

    How to use blob for both http:// and https:// of CSS/JS files ? 

    Use-Case

    User arrives at http://www.domain.com and grabs static CSS file from http://static.domain.com/css/style.css. User then proceeds to https://www.domain.com/logon - user must now request https://www.domain.com/style.css. 

    As far as I am aware - this is new request since otherwise we will get a "mix of http and https content". Inferring, that we are transfering 2x style.css to the user EVERYTIME "just" for https:// pages ?

    How can this be solved ? :S

    • Moved by DanielOdievich Tuesday, September 28, 2010 10:41 PM forum migration (From:Windows Azure)
    Thursday, August 19, 2010 6:21 PM

Answers

  • Public blobs should be downloadable via https... what kind of issue are you seeing?

    Oh, I wonder if when using a custom domain, the issue is that the SSL cert doesn't match the domain name.  It should work as long as you're using *.blob.core.windows.net.

    Thursday, August 19, 2010 8:06 PM
  • is there any intention to allow HTTPS for custom blob domain names ?

    thx


    Please submit the feature request to:

    http://www.mygreatwindowsazureidea.com/forums/34192-windows-azure-feature-voting

    thx


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. Windows Azure Platform China Blog: http://blogs.msdn.com/azchina/default.aspx
    Tuesday, August 24, 2010 2:01 AM

All replies

  • Public blobs should be downloadable via https... what kind of issue are you seeing?

    Oh, I wonder if when using a custom domain, the issue is that the SSL cert doesn't match the domain name.  It should work as long as you're using *.blob.core.windows.net.

    Thursday, August 19, 2010 8:06 PM
  • hey steve,

    ah that might be the problem. is there any way to fix this for custom domains ? i.e. instead of using *.blob.core.windows.net.

    do we need to purchase a wildcard SSL cert or something ? [we currently just have a standard root / www. cert ? ]

    Thx

     

    Friday, August 20, 2010 3:36 AM
  • Hi,

    My suggestion is to use an HttpHandler to fetch resrouce from Blob storage instead of accessing Blob storage directly. In this way you may add additional authentication layer instead of allowing everyone to access your blobs. It also resolved the problem you mentioned in your original post.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. Windows Azure Platform China Blog: http://blogs.msdn.com/azchina/default.aspx
    • Proposed as answer by Frederik V Friday, September 13, 2013 12:10 PM
    Friday, August 20, 2010 6:56 AM
  • Allen,

    I am pretty sure that Sparky (I just could not resist ;)) is using the CDN feature as his intent is to enable users to access his website's resources as fast as possible.

    Your suggestion achieves exactly the opposite.

     

    Friday, August 20, 2010 9:53 AM
  • Hi,

    Now that CDN is thrown in the mix, from what I have read it only supports HTTP (http://blogs.msdn.com/b/windowsazure/archive/2009/11/05/introducing-the-windows-azure-content-delivery-network.aspx ). Could that be the reason for multiple gets: one you're getting from CDN while the other directly from blob storage?

    Thanks

    Gaurav Mantri

    Cerebrata Software

    http://www.cerebrata.com

    Friday, August 20, 2010 11:27 AM
  • Nah - custom blob names don't seem to support HTTPS and you cant set a SSL cert for these either. That is, even with a Wildcard SSL - the custom blob name doesnt support HTTPS. Gives SSL error instead about *.blob.core.windows.net.

    @Trip - exactly what we are doing

    @Guarav - whether using CDN or not [just blob itself] - both don't seem to support custom name HTTPS which is a shame :(

    For now, seems we have to use custom name for static files and include CSS/JS inside the package for HTTPS - this sucks because it means the user will have to download resources 2x just for the https pages but we dont have a choice

    Friday, August 20, 2010 12:39 PM
  • is there any intention to allow HTTPS for custom blob domain names ?

    thx

    Sunday, August 22, 2010 6:50 AM
  • I've just come across the problem of HTTPS not being allowed on custom domain names for blob storage. This would be a great feature to add!
    Monday, August 23, 2010 3:02 PM
  • is there any intention to allow HTTPS for custom blob domain names ?

    thx


    Please submit the feature request to:

    http://www.mygreatwindowsazureidea.com/forums/34192-windows-azure-feature-voting

    thx


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. Windows Azure Platform China Blog: http://blogs.msdn.com/azchina/default.aspx
    Tuesday, August 24, 2010 2:01 AM