I have main page which opens via http. On this page I open iframe with same domain but via https and get error message:
Blocked a frame with origin "https://example.com" from accessing a
cross-origin frame
Is it possible?
If the main page (http) could access the iframe (https) it will be a security problem!
More informations this security feature: https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy
Just move the main page to https, it will solve your problem and secure your visitors.
Related
I want a redirect to be triggered on a certain action but am running into issues with same origin policies.
Has anyone had any luck redirecting to external URLs (I can't use app.showPage)?
I've tried window.location.href but it's blocked because the iframe that the app is loaded into does not allow cross-origin requests.
At best I've gotten window.open to work but because of the cross-origin policy it opens in a new page even if the windowName parameter is set to window.name.
I have image handler working fine on HTTP. But The same page when access using https its not showing up the image. When check browser console for errors its showing "ERR_INSECURE_RESPONSE".
This usually occurs when you try to load content from http site into https site. This results into Mixed-Content error.
On http page you can load contents from http or https both but when you are on https site then you can load contents like images or iframe only from https sites.
In this case i assume that the site which is sending request is on https but your ashx page is on http site.
I'm trying to inject the following iframe onto my https website:
Screenshot of code
Is it possible to use a http iframe on an https website?
This is the error I receive when I inject it currently:
The webpage at https://trk.slvrbck.net/aff_ad?campaign_id=191&aff_id=25171&format=iframe might be temporarily down or it may have moved permanently to a new web address.
Thanks!
you may include your http iframe in an https website. The https site will encrypt the http iframe once its data is being sent from client to server.
getting it to work is another deal on its own :
refer to this to get it to work
How to allow http content within an iframe on a https site
I'm using an iframe technology that places my html page inside of a 'landing page' hosted by our clients.
The problem in 1 situation is the page hosted by the client is HTTPS and it shows the Security Warning: Do you want to view only the webpage content that was delivered security? Yes No
I want this to be resolved... not sure what to do. We have an SSL certificate which works but that particular iframe page, when accessing via https on my local box, it shows the SSL Warning that its not valid.
Read this article for some background about mixed content. In general, you can't have a HTTP-based subframe of a HTTPS-based page; if you do, you'll encounter this warning in most browsers in some form or another (some show a notification bar, a broken lock, or other indicator).
You'll either need to change the page so that the top-level isn't HTTPS, or so that the subpage is also HTTPS and bears a valid certificate.
I created the page in wordpress and set it https by the use wordpress https plugin. I have the problem that when I go to the http page link to the https page it shows in https. I want the rest of the pages should display in http when I go to the https link to http. How can I do it?
Thanks
There is a option in the https plugin,
"forced the external links"
check this option to display the pages in https only in case user goes to the https to http page. It does't display the http page in https. It displayed the selected pages in https.