How to allow http content within an iframe on a https site
Based on generality of this question, I think, that you'll need to setup your own HTTPS proxy on some server online. Do the following steps:
- Prepare your proxy server - install IIS, Apache
- Get valid SSL certificate to avoid security errors (free from startssl.com for example)
- Write a wrapper, which will download insecure content (how to below)
- From your site/app get https://yourproxy.com/?page=http://insecurepage.com
If you simply download remote site content via file_get_contents or similiar, you can still have insecure links to content. You'll have to find them with regex and also replace. Images are hard to solve, but Ï found workaround here: http://foundationphp.com/tutorials/image_proxy.php
Insecure content in iframe on secure page
If your page is being accessed using https://www.example.com/main/index.jsp
(SSL) then your browser will complain with "This page contains both secure and insecure items" if there are any resources in the HTML code that are referenced with http://
(non-SSL). This includes iframes.
If your navigation page is hosted on the same server then you can prevent the "insecure content" message by using a relative URL like this...
<iframe src="/app/navigation.jsp" />
From your question it sounds like your navigation page is being served from a separate host and you're being forced to use something like this
<iframe src="http://otherserver.example.com/app/navigation.jsp" />
which will of course cause the "insecure content" message in your browser.
Your only solutions are to either
implement SSL on the server holding your navigation page so you can use
https://
for your iframe reference, ormove the navigation application to the same server so you can use a relative URL.
Personally I can't see why your navigation would be on a different host because then you're going to get JavaScript cross-domain scripting issues (unless some funky JSONP is involved).
HTTPS iframe inside a HTTPS page not working
If you carefully examine your HTML code and the error message, you'll notice a slight difference in URLs besides the protocol part:
https://example.github.io/page
- in theiframe
src
taghttp://example.github.io/page/
- in the error message
The reason could be that the URL https://example.github.io/page returns a redirect to the "canonical" version with the trailing slash (/page/
), but a redirect URL must be a full URL, and the server for some reason isn't including the actual protocol in the redirect URL, always using http://
instead. That could be due to configuration or coding at the server side (see also github issue #289).
As a workaround, use a URL that doesn't trigger the canonicalization redirect, i.e. https://example.github.io/page/
.
HTTP iframe on HTTPS page
It is not automatically, you should verify if the src of your iframe is connecting via https or not:
<iframe src="http://www.example.com"></iframe>
your iframe doesn't extend the https access from principal page.
Related Topics
How to Set Filename for Base64 Rendered Pdf Using Object Tag
How to Set Input Field With Current Date in Angular
How to Open Excel File in Browser, Not in Excel Application
Open an Exe File Through a Link in a HTML File
Removing Margin from Flex Items When They Wrap
Bootstrap Accordion Issue With Arrow
Html 5: Is It ≪Br≫, ≪Br/≫, or ≪Br /≫
Mystery White Space Underneath Image Tag
Floated Elements of Variable Height Push Siblings Down
Setting Attribute Disabled on a Span Element Does Not Prevent Click Events
How to Prevent Desktop Browser (Chrome, Safari) from Zooming a Webpage
Print Header/Footer on All Pages (Print Mode)
How to Prevent VS Code from Breaking Up Long HTML Lines into Multiple Lines