Description of problem:

I ave a java applet located in www.pippo.it/java/versione.jar
The applet is called from some html pages located in some folders (es. www.pippo.it/ita/dir/page.html).
It seems illogical to copy the same applet in all folders of the html pages that recall it.
This is the html code:

La versione di java installata sul tuo computer è la seguente:
<object type="application/x-java-applet" width="200" height="20" name="Versione java">
<param name="code" value="Versione.class"/>
<param name="archive" value="../../java/versione.jar"/>
<param name="permissions" value="sandbox"/>
nessuna. Devi <a href="http://www.java.com/it" target="java">installare</a> o abilitare java!
</object>


But there is always a security warning appears all times:

The application Versione java from
http://www.pippo.it/ita/dir/page.html uses resources from the
following remote locations:

* http://www.pippo.it/ita/dir
* http://www.pippo.it/java

Be very careful when application is loading from different space then
you expect. Are you sure you want to run this application?

For more information see:

JAR File Manifest Attributes

and

Preventing the Repurpsing of an Application

Note that the line "Codebase: www.pippo.it" in MANIFEST.MF is ignored.

Note also that "../../java/versione.jar" is not outside of the domain.

I do not understand the problem for security if the java applet and html page that calls it are in two different folders of the same domain!


Version-Release number of selected component (if applicable):

icedtea-web-1.6.1-3.fc23.x86_64

How reproducible:

See above

Steps to Reproduce:

See above

Actual results:

Security warning if html page and jar are in different folders

Expected results:

Security warning only if html and jar are in different domains