IE warning message box "this page contains both secure and nonsecure items" when applying "Simple" theme on a SharePoint site protected with HTTPS

  • Article

This incident happened the other day… One of my SharePoint Admin support team counterpart here, asked me a question regarding a strange happening in SharePoint (or should I term it “puzzle” instead of “question”?). Well, the way he sounded, I felt like he is going to ask a question similar to what my 6th grade teacher did (which was so difficult that I failedL). Lucky, it was about something broken in MOSS 2007 (again the Gods stood by my side).

Well, this was what he showed me… This dude had a MOSS site that was unnecessarily protected with SSL (I asked him why – answer was he has set it up for scenario testing) and when he tries applying “Simple” theme – BOOM!

Warning: This page contains both secure and nonsecure items

IE didn’t seem to like it too much and showed us its dislike as shown above in a message box. Well, he turned to me with a “glowy” look in his eyes (glowy – you know that kind of look when you think you have achieved something really big and you are very, I mean really very proud of it). But actually, he wanted help in figuring out why the heck IE complaints about this particular theme, while the others are fine. And I, as the more than willing to help dude I am, went ahead in finding out why this is the case.

Themes are groups of CSS & script files located at: <InstallDir>:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\THEMES. I opened the “SIMPLE” folder that defines the simple theme for MOSS. Opened the theme.css file inside it and did a simple file compare against another theme.css file of another theme definition. That moment was like uncovering a “hidden relic” when I figured the following:

.ms-topnavselected {
color:#003399;
background:url("https://localhost/topnavselected_simple.gif");
background-repeat:repeat-x;
border:solid 1px #bfbfbf;
border-bottom-width:0px;
border-left:solid 1px #fff;
background-color:#d1d1d1;
}

.ms-topNavHover {
background-image:url("https://localhost/topnavhover_simple.gif");
background-position:bottom left;
background-color:#fff;
border:solid 1px #ebebeb;
border-left:solid 1px #fff;
border-bottom-width:0px;
border-top:solid 1px #fff;
color:#000000;
}

Well, I would say a simple hard-coding, but a costly one J (if I can also add that). I removed those hard-coding and asked him to apply simple theme again on the SSL protected site and IE liked what I didJ. “There you go, you have a resolution” – I told to that fella. That guy frowns at me as if I have said something that’s totally banned!! Yes, kind of – I mean, modifying out of the box files isn’t a supported scenario (as I always do, here you go: 898631, I know it’s a bit boring to see this KB referred to again and again, but I kid not – you will know its importance after you did something like that and create a support ticket with MS supportJ). “So we are stuck now?” – He asked. “Who said so? I think we can have a hack for this scenario” – was my response. I gave him the logic and showed him how to get this fixed still not getting customer into an unsupported scenario. See the below:

1. Navigate to the THEMES folder.

2. Create a copy of the SIMPLE folder to a different location and name it SIMPLE.

3. Open SIMPLE folder that you have copied to a new location.

4. Edit SIMPLE.INF file following the steps below:

a. At the info section, verify the title is SIMPLE.

b. Change codepage to something like 10000.

5. Open the theme.css file in this folder.

6. Search for https://localhost/ and remove them from the two places show above.

7. Go back to the THEMES folder and rename the existing SIMPLE folder to something like SIMPLEBAD<BAD: Broken As Designed> J.

8. Copy the new SIMPLE folder where you have modified the theme.css files onto the location: <InstallDir>:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\THEMES.

9. Do an IISRESET because “they” say so and that’s it!

Well, the customer was really happy with the resolution we provided for this support incident. He just felt this could perhaps been prevented by a little care J

Watch out for more interesting “support incident encounters”.