einkoro
commented
11 years ago Requires consideration: Do we want to trust that $ENV{'HTTPS'} is set to on for anything using SSL? Not all HTTPds are configured to set the environment variable. From what I remember its standard in Apache, must be configured per SSL site in Lighttpd and I've never dealt with it under nginx.
The first time a user visits a page in IE versons lower than 9.0.9 over HTTPS they encounter Access Denied error parsing the stylesheets. Apparently relative path handling in XSLT is broken over HTTPS and 9.0.9 pushed out a fix.
Sadly the user agent string for IE doesn't have versions defined beyond 9.0 for any release so it looks like we will have to disable client side XSLT for IE versions lower than 10. We could perhaps check for HTTPS as a ENV variable and disable it based on that.