IE warning message box "this page contains both secure and nonsecure items" when applying "Simple" theme on a SharePoint site protected with HTTPS

This incident happened the other day… One of my SharePoint Admin support team counterpart here, asked me a question regarding a strange happening in SharePoint (or should I term it “puzzle” instead of “question”?). Well, the way he sounded, I felt like he is going to ask a question similar to what my 6^th grade teacher did (which was so difficult that I failedL). Lucky, it was about something broken in MOSS 2007 (again the Gods stood by my side).

Well, this was what he showed me… This dude had a MOSS site that was unnecessarily protected with SSL (I asked him why – answer was he has set it up for scenario testing) and when he tries applying “Simple” theme – BOOM!

Warning: This page contains both secure and nonsecure items

IE didn’t seem to like it too much and showed us its dislike as shown above in a message box. Well, he turned to me with a “glowy” look in his eyes (glowy – you know that kind of look when you think you have achieved something really big and you are very, I mean really very proud of it). But actually, he wanted help in figuring out why the heck IE complaints about this particular theme, while the others are fine. And I, as the more than willing to help dude I am, went ahead in finding out why this is the case.

Themes are groups of CSS & script files located at: <InstallDir>:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\THEMES. I opened the “SIMPLE” folder that defines the simple theme for MOSS. Opened the theme.css file inside it and did a simple file compare against another theme.css file of another theme definition. That moment was like uncovering a “hidden relic” when I figured the following:

.ms-topnavselected {
color:#003399;
background:url("https://localhost/topnavselected_simple.gif");
background-repeat:repeat-x;
border:solid 1px #bfbfbf;
border-bottom-width:0px;
border-left:solid 1px #fff;
background-color:#d1d1d1;
}

.ms-topNavHover {
background-image:url("https://localhost/topnavhover_simple.gif");
background-position:bottom left;
background-color:#fff;
border:solid 1px #ebebeb;
border-left:solid 1px #fff;
border-bottom-width:0px;
border-top:solid 1px #fff;
color:#000000;
}

Well, I would say a simple hard-coding, but a costly one J (if I can also add that). I removed those hard-coding and asked him to apply simple theme again on the SSL protected site and IE liked what I didJ. “There you go, you have a resolution” – I told to that fella. That guy frowns at me as if I have said something that’s totally banned!! Yes, kind of – I mean, modifying out of the box files isn’t a supported scenario (as I always do, here you go: 898631, I know it’s a bit boring to see this KB referred to again and again, but I kid not – you will know its importance after you did something like that and create a support ticket with MS supportJ). “So we are stuck now?” – He asked. “Who said so? I think we can have a hack for this scenario” – was my response. I gave him the logic and showed him how to get this fixed still not getting customer into an unsupported scenario. See the below:

1. Navigate to the THEMES folder.

2. Create a copy of the SIMPLE folder to a different location and name it SIMPLE.

3. Open SIMPLE folder that you have copied to a new location.

4. Edit SIMPLE.INF file following the steps below:

a. At the info section, verify the title is SIMPLE.

b. Change codepage to something like 10000.

5. Open the theme.css file in this folder.

6. Search for https://localhost/ and remove them from the two places show above.

7. Go back to the THEMES folder and rename the existing SIMPLE folder to something like SIMPLEBAD<BAD: Broken As Designed> J.

8. Copy the new SIMPLE folder where you have modified the theme.css files onto the location: <InstallDir>:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\THEMES.

9. Do an IISRESET because “they” say so and that’s it!

Well, the customer was really happy with the resolution we provided for this support incident. He just felt this could perhaps been prevented by a little care J

Watch out for more interesting “support incident encounters”.

Comments

• Anonymous
  July 02, 2007
  You might see the following message when you try applying &quot;Simple&quot; theme on a Microsoft Office

• Anonymous
  July 14, 2008
  The comment has been removed

• Anonymous
  July 14, 2008
  hi RM, unfortunately, no! An easy way to work-around this would be to backup your current theme.css and remove the "http://localhost" section from the file. However, what I've mentioned in this post is a more appropriate way to work-around this issue. cheers, Sridhar

• Anonymous
  December 29, 2008
  Thanks a ton for this info. :)

• Anonymous
  February 24, 2009
  hi, i'm getting this error only on site-settings-pages. I'm searching to fix this for a long time - with no luck. I fixed the http-Links in the theme.css, did an iisreset - but its still there. If i have a look a the quellcode of the loaded site with this warning, theres no stuff that is unsecure. Are there any other suggestions?

• Johannes

• Anonymous
  March 05, 2009
  Hi! Thanks for this solution. I would add two further things for people, like me, who are new to share point

1. To clarify step 6 :   background:url("http://localhost/topnavselected_simple.gif"); should be changed to   background:url("topnavselected_simple.gif");
2. It seems that on our MOSS2007 that the theme is cached.  So if like me you still get the error after the above, change the theme back to CLASSIC (or whichever), then change back to SIMPLE again.  Shimples! Thanks again! Griff www.smoothound.org

• Anonymous
  May 26, 2009
  The comment has been removed

• Anonymous
  June 29, 2009
  Thank so much. In IE 8 I tried to enable mixed mode, but unsuccessful. Developer decision is the better way. Thank again!

• Anonymous
  October 27, 2009
  thanks a bunch, tip for changing theme to something else and back to simple was the missing link for me :)

• Anonymous
  January 07, 2010
  I was stuck at finding the non-secure item on one particular site, while all others were working fine. My first guess was any customization and reference to non secure content by site modification team but they confirmed otherwise. Finally I came across Fiddler which pointed me to http://localhost/topnavselected_simple.gif and a quick search on this lead me here. Thanks a lot for the quick fix, it worked for me. Had to re-apply the Simple theme after replacing the CSS.

• Anonymous
  January 28, 2010
  The comment has been removed

• Anonymous
  April 19, 2011
  The comment has been removed