SSL and EasyUploads and "Inavlid Security key."


if I using the EasyUploads Add-on with a SSL connection I’m getting a “Invalid security key” error on IE7 and IE8. With IE9 and Firefox all is fine. Without SSL it works in all browsers.

After I have open the page with the EasyUploads on it all is ok. But with the first action after that (press the easy upload button or close my view by press the “Close” button or something else) I get the “Invalid security key” after few seconds.

Anybody knows wats going on there?

Thanks and regards,


Are you using the multifileupload component ? Maybe it is the flash based fallback for old IE browsers that is causing some issues.


Hi Matti,

sorry for hi-jacking this Thread, but we also have some trouble using EasyUpload in combination with SSL. Our problem is the EasyUpload component does not work correctly in IE7 and IE8 using SSL.

Our technical setup:
We built a Portlet based on Vaadin 6.7.5 using the EasyUpload Addon 0.5.1. The Portlet is published in a Liferay 6.0.5 CE running in a Apache Tomcat 6 on Java 1.6 behind a Apache Webserver using SSL.

The Portlet and the EasyUpload runs well in modern browsers, a preview image is shown as expected:

In IE7 and IE8 the preview image does not work:

The same Portlet runs on a development server using no SSL and IE7 and IE8 run as well as IE9.

No Javascript Exception is thrown in the browser (at least I didn’t find any) and no Java Exception is thrown (at least I didn’t find any).

Is there any little trick to get EasyUpload running with SSL in IE7 and IE8?

Thank you in advance,

Hi all,

it seems we found the problem in our portlet. It was a problem with the MIME types the IE7 and IE8 sends for images. They are different from the standard which the portlet supposed.

We don’t know why, but this problem had absolutely nothing to do with SSL and it is a miracle for us why the portlet worked in a non SSL environment.

I apologize for eventually caused trouble.


This was no problem for me and I’m glad that this IE-lifreay oddity is now “documented” for others who might face the same. Thanks!


Found my problem!

The “Invalid Security Key” will be only occurred if the application runs on Glassfish. On Glassfish there are some other strange effects with file uploads (see also at this post: I have also debug the Vaadin code and I had figured out that the InputStream returned by glassfish (which contains the HTTP request) returns -1 like it is described in this post: . I had this effect tested on glassfish V3.1.1 B12 and with the newest glassfish V3.1.2.2 B5

After switching from glassfish to JBoss all runs fine :-))