SPServices.SPGetCurrentUser causes security warning in https environment

Question

I'm using SPServices.SPGetCurrentUser to, well, get the currently logged in user, then determine what group they're in, and finally disable a field based on that determination. It works, with one big problem. This is a SP 2010 Foundation Intranet only environment, and it's secured (SSL). So the only way to access our site is via https://internalurl.

I've never run into this problem before, using SPServices, but with this code, I'm getting the IE Security Warning: "Do you want to view only the webpage content that was delivered securely?"

By commenting out one line at a time, I've determined that the SPServices.SPGetCurrentUser line is what's causing the warning. I imagine it has to do with how/where it's looking for this information?

My question is, is there any way around this warning? Here are the solutions I've discovered so far, none of which really works for my scenario: 1. Add site to IE trusted sites, or otherwise adjust browser security settings. (we have 3000+ users, don't want to go this route) 2. Custom coded solution. (not an option, we're no-code only. JQuery and SPServices is as far as we go) 3. Don't use SSL. (Not an option. We're a financial institution, and even internal urls like this one, are only accessible via SSL.)

Here's the code:

<script language="javascript" type="text/javascript" src="/CodeLibrary/jquery.SPServices-0.7.1a.min.js"></script>
<script language="javascript" type="text/javascript">
$(document).ready(function() {
  $().SPServices({  
      operation: "GetGroupCollectionFromUser",  
      userLoginName: $().SPServices.SPGetCurrentUser(),  
      async: false,  
      completefunc: function(xData, Status) { 
        //if current user is not a member of this group...       
        if($(xData.responseXML).find("Group[Name='Change Control - Admins']").length != 1)  
        {  
           //...disable the following fields
           $("textarea[Title='Requirements']").attr("disabled", "disabled");  
        }  
      }  
    });  
});
</script>

Any ideas? Alternatives to SPServices.SPGetCurrentUser, etc?

Answer 1

I was able to figure this out on my own. Here's what I did...

SPServices.SPGetCurrentUser references a file in the /_layouts/ folder. In the SPServices code, that reference is relative. And for whatever reason, SharePoint doesn't automatically use https to find it. It just uses http...at least from what I can tell. So what I did was copy the jquery.SPServices-0.7.2.min.js file, rename it to jquery.SPServices-0.7.2.min.ssl.js, then update all of the references to the /_layouts/ folder (there are only a couple), to full https URLs. That solved the problem. No more Security Warning popup, and the code works as expected.

Hope this is useful to someone!