It documented that url() references in CSS served over HTTPS need to explicitly list the full URL in order to avoid the ‘nonsecure’ warning on IE7 & IE6, but I just ran into a variation on this that I found non-obvious:
I’m making use of http://fancybox.net/ to display contextually relevant tutorial videos. In jquery.fancybox-1.2.6.css, there was an embedded, blank image:
background-image: url("data:image/gif;base64,AAAA");
Because that URL is not explicitly “https://” it caused IE7 to throw the “this page contains both secure and nonsecure items” even though the data was embedded in the CSS file. Changing that url to the explicitly https url of an actual gif solved the problem.
Advertisement
