Search code examples
sharepointsslsharepoint-2007wss-3.0isapi

Some SharePoint pages serve as http in https environment

I have a WSS 3.0 system using SSL where every page is supposed to be served as https. Almost all pages do come out as https, but in certain cases I click on a link and that brings up an http version of a page (which does not load). In those cases I have to put the 's' in by hand to get the page to load. Places where this happens are:

  • /_layouts/newgrp.aspx : when I try to create a new group, it takes me to http://server/_layouts/newgroup.aspx, although it should be https. The page does not load at http. It does load if I change the url by hand.
  • /_layouts/edtgrp.aspx : same thing as newgrp.aspx
  • if I go into a document library and view version history for a file, the URLs to the individual versions of that file are http. Interestingly, the browser status bar also indicates http when I hover over them (so it seems that SharePoint gets confused when it generates the links, rather than when I click on them)

To fix this, I have tried adding some javascript to the DOM that searches for instances of http and replaces them with https. This works in some cases, but there are some places where javascript can't reach, for example when SharePoint provides the target URL in response to a POST request, which I think is the case with newgrp/edtgrp.aspx.

I have also tried adding ISAPI filters to redirect pages from http to https. This seems to cause redirect loops, and in any case I'm not sure if such filters would preserve querystring or POST information.

Has anyone seen this problem?

Update: We have switched to ISA from Squid, and the problem continues in the version history, but not on new group or edit group. We have not seen any improvement yet from changing AAM settings.

Places where this is happening in ISA:

  • "Version History" under item in list or document library
  • "Manage Permissions" under item in list or document library
  • "Alert Me" under item in list or document library
  • "Add Users" menuitem in "People and Groups" page
  • "Group Settings" menuitem in "People and Groups" page
  • "Edit Group Quick Launch" menuitem in "People and Groups" page
  • "Set Up Groups" menuitem in "People and Groups" page
  • "List Settings" menuitem in "People and Groups" page
Solution

  • Alex answered this question with an approach that I think will generally work. Here is how I fixed this specifically.

    It looks like when a SharePoint aspx page is loaded, it populates a javascript structure of type ContextInfo (defined in init.js), which is instantiated in the variable ctx. That structure has a member called httpRoot, which is later used in core.js to build menuitems in various dropdown.

    This ctx.httpRoot is for some reason populated in javascript in the aspx files created by SharePoint with a line like this:

        ctx.HttpRoot = "http:\u002f\u002fsubdomain.domain.com";

    Yes, it has Unicode slashes and it has http instead of https. I have no idea why. But, fixing this line of javascript seems to fix the problem.

    I changed the line by adding a URL translation rule in ISA that converts http:\u002f\u002f\ to https:\u002f\u002f\ . I suspect that an HTTP module that makes the same replacement would also work. Or possibly some well placed javascript that reassigns the variable at some point.

    I still believe this is not ideal and there must be a more appropriate way to fix these links.