Ssl – SharePoint MOSS – Serve HTTP content on an HTTPS page without Mixed Content Warning

httphttpsreverse-proxysharepointssl

Our "portal-like" SharePoint site is served using HTTPS/SSL. So a user goes to **https://**web.company.com and sees content and different Web Parts. So far, no problem.

The desire now is to have new Web Parts added that either frame HTTP content (such as Weather Bug) or HTTP RSS feeds.

The issue that arises is that by doing this, results in a "Mixed Content" warning in the browser.

Has anybody successfully been able to implement such a scenario, or one similar to it? The options we have looked at, unsuccessfully, have been:

using Apache Reverse Proxy Server
mirror an external site
Custom Web Parts

Best Answer

I would advise against changing the Zone settings as well. I resolved this issue using a small tweak to the XSL of the SharePoint RSS Web Part here:

Stop mixed content warnings in SharePoint's RSS Web Part

<xsl:template name="GetSafeHtml">
    <xsl:param name="Html"/>
    <xsl:choose>
        <xsl:when test="$rss_IsDesignMode = 'True'">
            <xsl:call-template name="strip-tags">
                <xsl:with-param name="text" select="$Html"/>
            </xsl:call-template>
        </xsl:when>
        <xsl:otherwise>
            <xsl:call-template name="strip-tags">
                <xsl:with-param name="text" select="rssaggwrt:MakeSafe($Html)"/>
            </xsl:call-template>
        </xsl:otherwise>
    </xsl:choose>
</xsl:template>

<xsl:template name="strip-tags">
    <xsl:param name="text"/>
    <xsl:choose>
        <xsl:when test="contains($text, '&lt;')">
            <xsl:value-of select="substring-before($text, '&lt;')"/>
            <xsl:call-template name="strip-tags">
                <xsl:with-param name="text" select="substring-after($text, '&gt;')"/>
            </xsl:call-template>
        </xsl:when>
        <xsl:otherwise>
            <xsl:value-of select="$text"/>
        </xsl:otherwise>
    </xsl:choose>
</xsl:template>

Basically, you paste over the GetSafeHtml template with a slightly modified version that calls a strip-tags template.

Good luck!

Related Solutions

Apache – Serve HTTP and HTTPS on Same VirtualHost

You can't do this in one virtual host, because Apache needs to know which one's going to talk SSL and which one isn't (sidenote: nginx doesn't have this problem, you can tell it which listen directives relate to SSL; one of the many reasons I love it).

The way I manage this in Apache is to put all my non-SSL-related configuration into a separate file, and then have the two vhosts configured next to each other, each including the site-specific configuration file inside the vhost stanza, like this:

<VirtualHost 192.0.2.12:80>
    Include /etc/apache2/sites/example.com
</VirtualHost>

<VirtualHost 192.0.2.12:443>
    SSLEngine On
    # etc
    Include /etc/apache2/sites/example.com
</VirtualHost>

Force https entire site without redirecting http to https

No. You cannot magically make the visitor's browser choose the right protocol. A redirect is the way to do it.

Best Answer

Related Solutions

Apache – Serve HTTP and HTTPS on Same VirtualHost

Force https entire site without redirecting http to https

Related Topic