Saturday, June 21, 2008

Simple Theme and HTTPS

On a personal project I was doing with MOSS a few months back, I was working on using SSL with MOSS for an Internet-facing MOSS site project. I had a MOSS web application with a publishing site template used on my root site collection. Everything was going great: I had SSL working on port 443 with a self-signed cert. But then I decided to use the OOB "Simple Theme" because it fit with the color scheme I was using on my master page for publishing pages.

At the point I assigned the Simple theme to my top-level site and then hit the HTTPS URL, I got the warning message that Internet Explorer produces when you have mixed absolute HTTP and HTTPS URLs on the same page. The warning message reads "This page contains both secure and nonsecure items. Do you want to display the nonsecure items?". But oddly enough, when I used any other OOB theme I did not get the warning message.



For some background, an example of when this warning message is produced would be if you had an HTTPS URL such as:

https://www.myweb.com/page.aspx

and then, inside page.aspx, hard-coded an absolute URL for an external resource such as:

<html>
<body>
...
<img src="http://www.myweb.com/images/image1.gif">
...
</body>
</html>

When you mix absolute HTTP URLs into a page that is hosted on a web application in IIS with an HTTPS binding, web browsers get uncomfortable and throw a warning message that, to a normal user, would be rather disconcerting -- for sure something you don't want on a production web site.

So at this point I was scratching my head -- why would changing the theme to the "Simple Theme" make Internet Explorer produce this warning? I double-checked the HTML source of my master page, my page layouts, my linked CSS files and everything looked good, no hard-coded HTTP references.

Then it hit me: this is only happening with the Simple theme, not with any other theme -- so what about the linked "theme.css" file that defines the color scheme for the Simple theme in the "12/TEMPLATE/THEMES/SIMPLE" folder? So I opened up the theme.css file in Notepad and did a search for "http" and lo and behold I found two entries hardcoded for "http://localhost/[image name].gif".
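
The manual search for "http" described above can be automated across every theme folder. The following Python sketch is an added example, not code from the original post: it reports absolute http:// references inside url() and @import in CSS while ignoring commented-out rules. The function names, file names and sample CSS are constructed for illustration.

```python
import re
from pathlib import Path

# url(...) with optional quotes, or the string form of @import.
_URL_RE = re.compile(
    r"""url\(\s*['"]?(?P<u1>[^'")\s]+)['"]?\s*\)|@import\s+['"](?P<u2>[^'"]+)['"]""",
    re.IGNORECASE,
)
_COMMENT_RE = re.compile(r"/\*.*?\*/", re.DOTALL)

def _blank_comments(css):
    # Overwrite comment text with spaces but keep newlines, so offsets and line numbers hold.
    return _COMMENT_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), css)

def find_insecure_refs(css):
    """Return (line_number, url) for every absolute http:// reference in css."""
    hits = []
    for m in _URL_RE.finditer(_blank_comments(css)):
        url = m.group("u1") or m.group("u2")
        if url.lower().startswith("http://"):
            hits.append((css.count("\n", 0, m.start()) + 1, url))
    return hits

def scan_theme_dir(root):
    """Scan every .css file under root; return {path: [(line, url), ...]} for files with hits."""
    report = {}
    for path in sorted(Path(root).rglob("*.css")):
        hits = find_insecure_refs(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample, modelled on the theme.css finding described above.
SAMPLE_CSS = """\
.ms-banner { background-image: url("http://localhost/example1.gif"); }
/* url(http://localhost/commented-out.gif) is ignored */
.ms-nav { background: URL(http://localhost/example2.gif) repeat-x; }
.ms-ok { background-image: url(/_layouts/images/example3.gif); }
.ms-tls { background-image: url('https://localhost/example4.gif'); }
"""

if __name__ == "__main__":
    for line, url in find_insecure_refs(SAMPLE_CSS):
        print(f"line {line}: {url}")
```

Pointing scan_theme_dir at a copy of the themes folder lists each stylesheet that would trigger the mixed-content warning when served over HTTPS.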


