January 25, 2010

Configuring IE not to prompt for mixed content in SP2010

By default when accessing a SharePoint 2010 site over https, you get the following dialog displayed warning about mixed content (the exact dialog depends on your version of IE and Windows).

This is noted in a TechNet posting at:

http://social.technet.microsoft.com/Forums/en/sharepoint2010setup/thread/0e94371d-e6d7-4399-b2b6-0cf8b80167ba

The issue is that the following script tag is being inserted by SharePoint:

This is a generated script tag that can simply be removed from the master page.  We’re assuming that it will get fixed at RTM, but for now we just want it to go away.  There are two things that need to be done to do this.

The first is to add ignore://blank/ to the zone that is being used for the SharePoint SSL site.  We have a rule that adds *.envisionit.com to our local intranet, so we have to add ignore://blank/ there too.

The second change is to update the security settings for the zone you have added it to.  You need to enable rather than prompt for the mixed content in this zone.  Again a good reason to use the local Intranet zone, so you are not enabling this for any public SSL sites (of which many also do a poor job of keeping it pure SSL on a page).