For the Internet Explorer (IE) users out there, I’m sure you’ve come across the dialog shown in the image on the right once or twice in your life. On several of our recent client projects I’ve been involved with, we’ve been doing a lot of changing over from unsecure to secure URLs via Secure Sockets Layer (SSL) certificates in SharePoint.
Invariably, as soon as you enable SSL and log in to SharePoint, you get this wonderful prompt: "Do you want to view only the webpage content that was delivered securely?”
What? Of course I don’t. So what is causing this warning? Well, there are a couple ways we can find out:
After deciding on the second option, I downloaded and installed Fiddler. Now, let’s see what HTTP web resources the page is calling.
1) First, we need to enable support of the HTTPS protocol. In Fiddler, click Tools –> Fiddler Options –> HTTPS tab, and check the boxes for HTTPS.
2) Now we’re ready. Have Fiddler up and running, minimize it, and log in to the SharePoint site where you get the prompt.
3) Go back to Fiddler, and let’s check out the results.
OK, we're good so far, all HTTPS. You can sort on the protocol column as well to help you. Hey, wait a minute...
Aha! So there are obviously some jQuery calls where the developers are calling the .js files from the public CDN instead of downloading locally into /_layouts. That’s fine, but in this scenario, it’s causing the mixed prompts.
4) Now you can politely go ask your developers to either point to the HTTPS versions of the web version CDNs, or download the version-specific .js files to the SharePoint server and update the code to call them locally. If it was you running jQuery on a page and not via a solution, you can take care of this yourself. You can find more on calling jQuery via CDN here. At a minimum, you should just be able to change the CDN URL to HTTPS from HTTP. The culprit might not be code, but loading an image from the Internet for example. Whatever the case, just make sure whatever you calling is being delivered securely.
5) Log in to SharePoint, and feel the joy of no mixed content prompts. High fives all around.
If you happen to have users using non-IE browsers, they won’t see the mixed prompt, but being mixed mode might affect functionality, branding, etc. In Firefox for example, it shows a different icon depending if it’s all secure or not:
If you would like more information on C5 Insight or this blog content, fill out our Contact form.
The complementary paper includes over 12 years of research, recent survey results, and CRM turnaround success stories.
This 60-second assessment is designed to evaluate your organization's collaboration readiness.
Learn how you rank compared to organizations typically in years 1 to 5 of implementation - and which areas to focus on to improve.
This is a sandbox solution which can be activated per site collection to allow you to easily collect feedback from users into a custom Feedback list.
Whether you are upgrading to SharePoint Online, 2010, 2013 or the latest 2016, this checklist contains everything you need to know for a successful transition.