MFC CHtmlView - suppress mixed content warnings?

Question

This is MFC and CHtmlView but it probably applies to all IE web control use.

When the web control is navigating to a page on some sites we are getting the HTTP / HTTPS mixed content warning popup.

Is there any flag, command, or EXE specific registry key that can be set while our program is running that will disable the warning? Even better, can we choose the "yes" or "no" response?

We don't control the website so "fix the web page" is not an option. Our program is running on customer PCs so "go into IE settings" is also not a good solution.

Answer 1

Implement a Custom Security Manager on the control site class used by the CHTMLView derived class to handle URLACTION_HTML_MIXED_CONTENT with a success code. The control site is MFC's implementation of the ActiveX client site, from which the webbrowser control used in CHTMLView queries host capabilities.

If you use MFC 7.0 or higher, you need to replace the control site via an overriden CreateControlSite function. In MFC 6.0 you can only replace the control container globally by calling AfxEnableControlContainer with your own COccManager that overrides the CreateSite method.

After replacing the control site, add IServiceProvider and the security manager interfaces (, IInternetSecurityManager, optionally IInternetSecurityManagerEx and IInternetSecurityManagerEx2 ) via BEGIN_INTERFACE_PART/END_INTERFACE_PART macros on the control site class. If you are unfamiliar with the MFC macros, check TN038: MFC/OLE IUnknown Implementation. Your implementation should return INET_E_DEFAULT_ACTION unless when the method is ProcessUrlActionaction/ProcessUrlActionactionEx/ProcessUrlActionEx2 and the code is URLACTION_HTML_MIXED_CONTENT, then you need to return S_OK. Fill pPolicy's address with URLPOLICY_ALLOW to silently allow mixed content, or URLPOLICY_DISALLOW to disallow. Use URLPOLICY_QUERY to ask the user when needed.