When accessing our sharepoint site via HTTPS, users inside our network receive a prompt stating "Display nonsecure items?".
When accessing the site from outside our network via HTTPS, some images do not display at all. Some links do not function correctly as well.
We have found that this occurs when site administrators create images and/or link and display them using HTTP.
How can we seamlessly integrate HTTP and HTTPS so that we don't have to tell site administrators to use only HTTPS when creating images and links?
I have looked at our Alternate Access mappings, and here is the relevant info there:
http://computername Default http://computername
http://HostName Default http://HostName
http://subdomain.domain.com Intranet http://subdomain.domain.com
https://subdomain.domain.com Extranet https://subdomain.domain.com
http://computername:port Default http://computername:port
http://subdomain2.domain.com Default http://subdomain2.domain.com
http://computername:port2 Default http://computername:port2
...Some explanation: ComputerName is the name of the server.
HostName is just a single hostname DNS entry we have so people can quickly type for example "Sharepoint" in their address bar.
Subdomain is basically sharepoint.ourdomain.com. pretty self explanitory
Subdomain2 is for our Business Intelligence services server.
We have two entries with port numbers. One goes to central admin. the other gives an error and i'm not sure what its used for (if anything).
I inherited support of this application. I hope things arent too messed up.
So TLDR: How can I get HTTP and HTTPS working seamlessly together inside/outside our network to avoid missing images and invalid links?
Thanks all.
The problem is that the urls in the links and image src are absolute rather than relative.
http://subdomain.domain.com/someimage.gif is always going to use http as its an absolute link.
/someimage.gif is a relative link (the leading / means relative from the hostname) so if this url is from a http site it will use http, from a https site will use https (well technically depends upon the document BASE but you can ignore that for your purposes)
E.g. given the relative URL /somepage/someimage.gif
| When accessed from this page | Will mean this |
|---|---|
http://example.com/somepage/ |
http://example.com/somepage/someimage.gif |
httpS://example.com/somepage/ |
httpS://example.com/somepage/someimage.gif |
http://NEWDOMAIN.com/somepage/ |
http://NEWDOMAIN.com/somepage/someimage.gif |
and everything will work just fine with no warnings.
The built in CEWP puts all links in as Absolute. To fix -