We're working on a web application which allows the user to do some design for mobile devices. The user simply enters some url and that url is previewed inside some iframe. The problem is, our application is running on https and if the user enters a non-https address it's not displayed by the browser for obvious reasons...
So can we use some reverse-proxy configuration to overcome this issue somehow? For example we'll set the iframe url as http://myserver.com/?url=http://externalserver.com and the reverse proxy will simply return the externalserver.com content back...
Is something like this possible?
Related
I'm trying to inject the following iframe onto my https website:
Screenshot of code
Is it possible to use a http iframe on an https website?
This is the error I receive when I inject it currently:
The webpage at https://trk.slvrbck.net/aff_ad?campaign_id=191&aff_id=25171&format=iframe might be temporarily down or it may have moved permanently to a new web address.
Thanks!
you may include your http iframe in an https website. The https site will encrypt the http iframe once its data is being sent from client to server.
getting it to work is another deal on its own :
refer to this to get it to work
How to allow http content within an iframe on a https site
Anyone knows how to prevent browser auto complete for http/https. If i did access a site on https , and now i want to access it on http, the browser dosent let me, it automatically puts https in front of the link.
It is not the auto complete that sends you to https. I did some tests using wireshark connecting to http://www.google.com. See the results. The host is redirecting to the HTTPS site.
I have been using Windows Azure to host some of our internal utility projects using Web App. When I create a new web app say "MyTestApp", the default URL created in portal will be:
"http://MyTestApp.azurewebsites.net"
Refer Image
However, when I click this URL, it will not open in browser. To fix it, I have to manually append "s" in the protocol to make it
"https://MyTestApp.azurewebsites.net".
I understand that by default, Azure secures the *.azurewebsites.net wildcard domain with a single SSL certificate, so the clients can access the app at
"https://appname.azurewebsites.net"
But I wondering why the portal display the non SSL URL (http). Is there a reason for that?
Update:
I tested it with Firefox too (based on suggestion in comments) and tried both hitting URL as well as Browse button. Since the URL is http, on new tab, it just say "waiting for MyTestApp..." and then "waiting for login.microsoft.com...".
However, when I click this URL, it will not open the WebApp in browser.
If we click the URL and the [Overview] table is fully loaded, then it will work correctly . We also can browse the website via click the [Browse] option.
why the portal display the non-SSL URL (http)?
This may be the topic about advantage and disadvantage of Http VS Https. Generally, one of the primary blockers for HTTPS adoption is the fact that the HTTPS protocol is slow. Here’s a very informative ServerFault thread showing just how big of a slowdown.HTTPS encrypts traffic between us and a server. It is more security than HTTP. And Azure also allow HTTPS access to our WebApp and support to enforce HTTPS on our WebApp.
I'm using an iframe technology that places my html page inside of a 'landing page' hosted by our clients.
The problem in 1 situation is the page hosted by the client is HTTPS and it shows the Security Warning: Do you want to view only the webpage content that was delivered security? Yes No
I want this to be resolved... not sure what to do. We have an SSL certificate which works but that particular iframe page, when accessing via https on my local box, it shows the SSL Warning that its not valid.
Read this article for some background about mixed content. In general, you can't have a HTTP-based subframe of a HTTPS-based page; if you do, you'll encounter this warning in most browsers in some form or another (some show a notification bar, a broken lock, or other indicator).
You'll either need to change the page so that the top-level isn't HTTPS, or so that the subpage is also HTTPS and bears a valid certificate.
I am creating a website with password-protected pages in it.
I have two type of customer: 1. normal 2. secured
For secured customers, pages would be rendered over HTTPS whereas for normal customer, pages will be rendered over HTTP.
However, pages for both types of users would be same but the content will change.
Please note, the URL for the two users should be same except HTTP/HTTPS part.
Can anyone pls suggest how to structure the application so that the same page will act as both http and https?
Also would like to know, sometimes when we browse some HTTPS page and few of the items like image are referenced over HTTP then we get a cross in Address Bar indicating that some of the resources are not over HTTPS.
How can we overcome this problem, any suggestions?
This should be fine, when the user logs in, redirect them to an https:// page. Just use the same page addresses, only the scheme (http or https) needs to change.
To avoid problems with choosing between http or https (for example in image URLs like you mention), try to use relative URLs whenever possible, instead of absolute URLs. So if you're on https://test.com/index.html and want to display an image in an images directory, use /images/test.jpg (relative) rather than https://images/test.jpg (absolute).
If you have to use absolute, you can use a scheme-relative url - for example //images/test.jpg will use HTTP if the current page is using HTTP, and HTTPS if the page is using HTTPS.
See this question and this one for more details.