When a Confluence installation has been set up to use SSL for all traffic (and has an appropriate Base URL set), "mixed content" warnings are still displayed when loading the "preview" tab while editing the page.

Using tools like Wireshark and Fiddler, we (myself and a customer) have repeatedly verified that no non-HTTPS traffic is being transmitted.

Steps to reproduce within Confluence:

1. Using Internet Explorer 6.0 SP 3, log into an instance of Confluence that is secured. Make sure you use either a hostname or IP address rather than localhost (which belongs to a different security zone).
2. Edit a page, and then attempt to switch to the "Preview" tab. A "mixed content" warning appears.

In my reading of the javascript files associated with the preview tab, I can see multiple instances in which the src attribute of an iframe is set to "javascript:void(0)", which seems to be the root of the problem.

Steps to reproduce the problem in it simplest form:

1. Create a jsp file within your exploded war directory that contains the following source:

   <html>
   <head>
       <title>Errors</title>
   </head>
   <body>
   This is a test.
   
   <iframe src="javascript:void(0)"/>
   </body>
   </html>
   

2. Load the page from IE 6. A "mixed content" warning is displayed.