3

Our "portal-like" SharePoint site is served using HTTPS/SSL. So a user goes to **https://**web.company.com and sees content and different Web Parts. So far, no problem.

The desire now is to have new Web Parts added that either frame HTTP content (such as Weather Bug) or HTTP RSS feeds.

The issue that arises is that by doing this, results in a "Mixed Content" warning in the browser.

Has anybody successfully been able to implement such a scenario, or one similar to it? The options we have looked at, unsuccessfully, have been:

  • using Apache Reverse Proxy Server

  • mirror an external site

  • Custom Web Parts

kcb263
  • 94
  • 1
  • 5

2 Answers2

1

I would advise against changing the Zone settings as well. I resolved this issue using a small tweak to the XSL of the SharePoint RSS Web Part here:

Stop mixed content warnings in SharePoint's RSS Web Part

<xsl:template name="GetSafeHtml">
    <xsl:param name="Html"/>
    <xsl:choose>
        <xsl:when test="$rss_IsDesignMode = 'True'">
            <xsl:call-template name="strip-tags">
                <xsl:with-param name="text" select="$Html"/>
            </xsl:call-template>
        </xsl:when>
        <xsl:otherwise>
            <xsl:call-template name="strip-tags">
                <xsl:with-param name="text" select="rssaggwrt:MakeSafe($Html)"/>
            </xsl:call-template>
        </xsl:otherwise>
    </xsl:choose>
</xsl:template>

<xsl:template name="strip-tags">
    <xsl:param name="text"/>
    <xsl:choose>
        <xsl:when test="contains($text, '&lt;')">
            <xsl:value-of select="substring-before($text, '&lt;')"/>
            <xsl:call-template name="strip-tags">
                <xsl:with-param name="text" select="substring-after($text, '&gt;')"/>
            </xsl:call-template>
        </xsl:when>
        <xsl:otherwise>
            <xsl:value-of select="$text"/>
        </xsl:otherwise>
    </xsl:choose>
</xsl:template>

Basically, you paste over the GetSafeHtml template with a slightly modified version that calls a strip-tags template.

Good luck!

Holocryptic
  • 5,665
  • 2
  • 29
  • 37
Chrissy LeMaire
  • 111
  • 3
0

If you're using IE you can just enable "Display Mixed Content" (instead of prompt) in the security settings for your zone.

alt text

Sometimes it's better to check if the car's run out of gas before you replace the entire engine ;)

GregD
  • 8,713
  • 1
  • 24
  • 36
  • 1
    Ha! I love the analogy, and agree that this is the simplest method to achieve the end result. However, this is for the main internal company website so it would require a Group Policy to be pushed down to every user's browser to make that change. That may not be such a bad thing actually, and I will pitch it to the program manager. Especially if we can't figure out a way to accomplish what they are asking for. – kcb263 Dec 06 '09 at 18:36
  • 2
    Of course this warning is there for a reason ;) If I where a security admin I would never enable this just because someone wants the weather to show up on the intranet. Some external content providers do have https urls for their content setup for this reason, you might want to check.. – ArjanP Jan 07 '10 at 23:51