Results 1 to 5 of 5

Thread: Prevent mixed content error when embedding HTTP frame inside an HTTPS parent

  1. #1
    Join Date
    Nov 2009
    Location
    Isfahan, Iran
    Posts
    229
    Thanks
    46
    Thanked 1 Time in 1 Post

    Default Prevent mixed content error when embedding HTTP frame inside an HTTPS parent

    When I embed an HTTP frame inside an HTTPS parent, I get a security error in Chrome & Firefox. Is there any workaround to use an iframe tag without getting this error?

  2. #2
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    Yes, of course. Use https for the iframe, or use http for the parent.

    If you want to keep the protocols mixed, then no, you will always get a security error. This is as it should be.

  3. #3
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,164
    Thanks
    265
    Thanked 690 Times in 678 Posts

    Default

    This is a problem. There is a reason for keeping secure connections secure. I'm not sure you get an "error message", but rather a security warning.* That's your browser being careful and warning you about the website. There's nothing technically wrong with it, but it is bad planning.

    [*Traq, do you know which is the case here? I haven't tried this and don't have an HTTPS server to play with right at the moment.]


    Is there a reason you need an iframe? Why not just link to the other, non-secure page? Note that some browsers (IE comes to mind) will inform you that you are leaving a secure page to go to an unsecure one.
    Daniel - Freelance Web Design | <?php?> | <html>| espa˝ol | Deutsch | italiano | portuguŕs | catalÓ | un peu de franšais | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum

  4. #4
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    Depends on the browser and settings. All browsers should give a security warning with mixed content; some of these warnings may look a lot like an error message. Depending on the browser/ user settings, the mixed content may or may not be displayed (not being the better case).

  5. #5
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,164
    Thanks
    265
    Thanked 690 Times in 678 Posts

    Default

    Right. But it's not an error. It's a browser warning for the user. The effect is similar, but it's a very different idea: it's just informing you that the page is doing two things at the same time, and in some cases it's blocked.
    At a very technical level, there's nothing impossible/wrong about that. At a practical/security level, it's a bad idea.


    Could a 7-year-old drive a car? Yes. Should they? No. Would someone yell at you? Probably. (And in fact, we'd hope they would.)
    That's exactly what's happening here.
    Daniel - Freelance Web Design | <?php?> | <html>| espa˝ol | Deutsch | italiano | portuguŕs | catalÓ | un peu de franšais | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum

Similar Threads

  1. Replies: 0
    Last Post: 04-16-2013, 07:44 AM
  2. Replies: 0
    Last Post: 05-14-2011, 11:11 AM
  3. Need to iframe an https layered url on an http site
    By avdistribution in forum Looking for such a script or service
    Replies: 0
    Last Post: 05-14-2008, 03:08 AM
  4. http/ https problem
    By gavintat in forum PHP
    Replies: 2
    Last Post: 02-19-2008, 06:03 AM
  5. Access https in http page
    By ymdomar in forum JavaScript
    Replies: 3
    Last Post: 12-13-2006, 01:17 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •