Our corp site lives on top of Joomla 1.5.3.
In order to secure the administrative access, we implemented a redirect that when asking for the admin login page, you are redirected to the same URL, via SSL (http://site/administrator
--> https://site/administrator
)
Everything seems to work just fine, login and admin session is encrypted, but when running the extPlorer extension, the left sidebar loads, the main frame sticks at "Loading..." for ever.
Removing SSL redirection works fine, but isn't what we desire.
Does this happen in every browser? Or only in certain browsers?
SSL is very very touchy regarding domains and subdomains, and browsers are touchy about permitting non-ssl content into an encrypted page.
I'm not familiar with navigation function of the extPlorer, but it sounds to me like it is loading using an AJAX call, and the most common issue with AJAX is cross-domain support. Switching from HTTPS to HTTP may be classified as this, depending on the browser.
AJAX calls can only be made to the same domain. If the AJAX request is hard-coded to http:// and you're using https://, the browser may reject the request (FireFox will log this as "Access is Denied" in the error log).
If it's not using AJAX, and is using, for example, an iFrame, then the browser's security settings could be blocking the iFrame from loading if it's pointing to a HTTP site as well.
Thirdly, if it's accessing a sub-domain for whatever reason (https://admin.site/administrator - for example) then the SSL certificate will not validate for this site and the browser will most likely block the response as well.