Wednesday, November 6, 2013

Unsecure content inside iframe page

Suppose that you have site A and site B. Site A is accessible through https, and you want to integrate site B to it via iframe. In order to avoid “Only secure content is displayed” message and blocking site B in the browser, site B should be accessible also via https:

   1: <iframe src="https://siteB.com" style="height: 200px; width: 100%"></iframe>

But it is not enough. If on site B page, which is shown in iframe, there will be any http links (e.g. js files included via http), you will again get “Only secure content is displayed” message, although this time site B won’t be blocked. Instead part of it will be shown in iframe immediately, but full page will be shown only when user will click Show all content button:

image

If you want to avoid this message completely, both site B should be access through https and content inside site B should have only https links.

No comments:

Post a Comment