When I embed an HTTP frame inside an HTTPS parent, I get a security error in Chrome & Firefox. Is there any workaround to use an iframe tag without getting this error?

Yes, of course. Use https for the iframe, or use http for the parent.

If you want to keep the protocols mixed, then no, you will always get a security error. This is as it should be.

This is a problem. There is a reason for keeping secure connections secure. I'm not sure you get an "error message", but rather a security warning.* That's your browser being careful and warning you about the website. There's nothing technically wrong with it, but it is bad planning.

[*Traq, do you know which is the case here? I haven't tried this and don't have an HTTPS server to play with right at the moment.]


Is there a reason you need an iframe? Why not just link to the other, non-secure page? Note that some browsers (IE comes to mind) will inform you that you are leaving a secure page to go to an unsecure one.

Depends on the browser and settings. All browsers should give a security warning with mixed content; some of these warnings may look a lot like an error message. Depending on the browser/ user settings, the mixed content may or may not be displayed (not being the better case).

Right. But it's not an error. It's a browser warning for the user. The effect is similar, but it's a very different idea: it's just informing you that the page is doing two things at the same time, and in some cases it's blocked.
At a very technical level, there's nothing impossible/wrong about that. At a practical/security level, it's a bad idea.


Could a 7-year-old drive a car? Yes. Should they? No. Would someone yell at you? Probably. (And in fact, we'd hope they would.)
That's exactly what's happening here.