I recently moved to HTTPS. I am currently have a local time displayed on the site using the following code:
<iframe class="current-time" src="http://free.timeanddate.com/clock/i35r7kr2/n47/tlau/fs12/fcfff/tct/pct/ahl/th2/ts1" frameborder="0" width="54" height="14" allowTransparency="true"></iframe>
However now we are on HTTPS it does not show because its loaded from a http:// site so browsers don't display it.
Can someone advise a method of display our local time as http://free.timeanddate.com does not have an SSL certificate
ADDITON INFORMATION AS REQUESTED:
When we load the site that is now secure the place where the time was once displayed is blank and the browser indicates that some insecure content has been blocked. See https://www.reeffree.com.au/ to see a secure site - the missing part is under "Call Us Mon-Fri 7am-9pm & Sat-Sun 8.30am-7pm Brisbane, Australia (AEST). At ReefFree it's currently " that can be found on the right top of the page below the slider.
To see what it looked like before see the following link: http://www.extremefree.com.au/
Using this website you can see that it is the date and time script that is stated above that is causing the issue - I need to replace it with one with HTTPS: https://www.whynopadlock.com
The free service you're using supports HTTPS. Simply go back to http://www.timeanddate.com/clocks/free.html and when you get to the "Get HTML" step, choose "Secure Web Page" This will generate an <iframe src="https://... Note the URL is https instead of http
Related
I need help with a weird problem. I have an .aspx page where I'm placing the canonical URL of the page like this:
<link rel="canonical" href="http://example.com/page.aspx" />
When I access the page via HTTP it displays exactly as expected, but when I access it via HTTPS, the text in the canonical href attribute changes to HTTPS. I don't want that, I want it just as I wrote it there HTTP
Is it possible that the .NET configuration does this? I don't find anything that could cause it. Is there a setting in IIS? Where should I look?
I've tried writing a custom text in the value of href and it displays the as expected both on HTTP and HTTPS
I've tried writing the https:// version in the href and it displays it as expected (https) both on HTTP and HTTPS
I've tried writing "//:link" (without the protocol) and it displays "//:link" on both HTTP and HTTPS
So to summarize the question, how do I get the canonical tag to display "http://" when I access it via HTTPS?
I've been banging my head on the walls for the last 2 days about this issue and can't figure it out.
Please help!
I'm trying to display a iFrame with Looker SSO, I used looker_sso_tool to generate the Embed URL, and it shows the dashboard I want, however when I try to use the url with a localhost application it shows the error:
Refused to display 'https://xerpabr.looker.com/login' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
I also notice the requested URL from this tool has a Location Response of:
https://xerpabr.looker.com/embed/dashboards/2
While in localhost it is:
https://xerpabr.looker.com/login
I'm using the node_example of sso embed, just changing the return to display the iFrame, like so:
res.end("<iframe height=400 width=600 src=" + url + "> </iframe> ");
How can I solve that?
Could you try generating a URL from the tester tool (with preview turned off) and serving that exact URL from localhost? I suspect the problem may be with something in your script, even though you said you didn't change much.
That error is often a bit of a red herring that means your URL isn't authenticating properly— Looker sets x-frame-option headers on the login page that prevent it from being embedded, so if the generated URL doesn't work to log you in and instead redirects to /login, the error can appear. If you take a generated URL from your script and pass it through the Admin > Embed url verification tool, do you get any hints?
You could also try asking over on discourse.looker.com where there's a wealth of Looker experts!
I'm trying to create a web browser using Cocoa and Swift. I have an NSTextField where the user can enter the website he wants to open and a WebView where the page requested is displayed. So far, to improve the user experience, I'm checking if the website entered by the user starts with http:// and add it if it doesn't. Well, it works for most of the cases but not every time, for example when the user wants to open a local web page or something like about:blank. How can I check if adding http:// is necessary and if I should rather add https:// instead of http://?
You need to be more precise in your categorization of what the user typed in.
Here are some examples and expected reactions:
www.google.com: should be translated into http://www.google.com
ftp://www.foo.com: Should not be modified. Same goes to file:// (local)
Barrack Obama: Should probably run a search engine
about:settings: Should open an internal page
So after you figure out these rules with all their exceptions, you can use a regex to find out what should be done.
As for HTTP vs. HTTPS - if the site supports HTTPS, you'll get a redirect response (307 Internal Redirect, 301 Moved Permanently etc) if you go to the HTTP link. So for example, if you try to navigate to http://www.facebook.com, you'll receive a 307 that will redirect you to https://www.facebook.com. In other words, it's up to the site to tell the browser that it has HTTPS (unless of course you navigated to HTTPS to begin with).
A simple and fairly accurate approach would simply be to look for the presence of a different schema. If the string starts with [SomeText]: before any slashes are encountered, it is likely intended to indicate a different schema such as about:, mailto:, file: or ftp:.
If you do not see a non-http schema, try resolving the URL as an HTTP URL by prepending http://.
I'm using myRealPage to create Mobile links for me. In the settings it creates links for various things like listings etc... I can embed all the links but one into an iFrame. All the others work perfectly fine but this one
http://listings.myrealpage.com/wps/recip/25064/m.form
It just sits there and tried to load. I do get one error saying this
Uncaught SecurityError: Blocked a frame with origin "http://listings.myrealpage.com" from accessing a frame with origin "MYSITE". Protocols, domains, and ports must match.
I'm not really understanding that because all the other links contain the same listings.myrealpage in them and work fine.
The code I have for the iFrame is this
<iframe src="LINK" name="frame2" scrolling="auto" frameborder="no" height="800px" width="100%">
</iframe>
That's the same too for all the others but replacing the src part with the other links.
Hopefully there's an answer for this.
Thanks
That error message is due to the same-origin-policy
Usually, this is sent in a HTTP header and causes the browser to deny a load of IFRAME content unless there's an exact match of port, protocol and domain.
E.g. port - usually 443 for SSL, or 80 if standard HTTP - protocol (http for parent page and iframe, or https for both) and domain (blah.domain.com and blah2.domain.com would be a non-match)
Either remove the restriction of the same-origin-policy (you may not be able to do this if you do not govern the server), or, satisfy it. Then, you'll be able to render that content within a frame.
You could use something like Fiddler to determine the erroneous url (It's free to download from Telerik) and where the request occurs.
I have a client that, due to specific reasons, needs to place an IFRAME pointing to an HTTPS page on an HTTP page. The HTTP page is hosted on a different domain and server than the HTTPS page, but are both owned by the same client.
Putting aside the reasons why this should not be done, I am finding it difficult to implement in practice.
As one can see on this page: http://www.clevelandutilities.com/obppay.htm there is a HTTPS IFRAME on an HTTP page without any warnings from the browser (Firefox OR IE). However, if I try the same method, both Firefox and IE complain about the certificate.
Any ideas on why that is? I've examined the source at that sample site and can see nothing special being done, yet if I try the same thing I get squawking. Further, if I put the domain that they are using (https://www.paybill.com/cu/), it doesn't complain - if I put our domain it, it complains. Are all SSL certificates created equal?
To boil it down, this works without warnings:
<iframe src="https://www.paybill.com/cu/" width="100%" height="600" scrolling="auto"></iframe>
this does not:
<iframe src="https://www.myclientdomain.com/somepage.php" width="100%" height="600" scrolling="auto"></iframe>
Further, we use an IFRAME-style Facebook app to pipe in to this same HTTPS page, and THAT works with no complaints about the SSL certificate. Huh?!
After digging a bit, we uncovered that the certificate is specific to www.myclientdomain.com, and the developer in charge had used ...src="https://myclientdomain.com"... in the IFRAME. This was causing the following "Connection is untrusted" error screen:
The common practice for the host domain is to never use 'www' in the URL (enforced with .htaccess), whereas the standard for the source domain (the one with the certificate) is to always use it (enforced with .htaccess). That's what lead the other developer to leave it off - that's what he is used to for his site.
If one clicked "I understand the risks" even once for the source domain and added the certificate exception, any visit thereafter would have made it to the htaccess and be redirected to www-, which is why on my (and the other developer's) computer the page would load fine and check out normal in Firebug while our boss got the warning. We had both (apparently) added the exception for one reason or another in the past.
When we put it together, it was a real facepalm moment. Thanks to anyone who had given this question thought, sorry to have not checked the details carefully enough. :)