coredveloper — 2013-10-21T16:42:39-04:00 — #1
I have an existing iframe application (php) that pulls in another web address. The problem is that the iframe is being utilized on an https site and pulling in a http site. Everything was working great but now some people are experiencing the browser blocking unsecured content and it just loads a white page rather than the pulled in content.
Is there a way to force browsers to load unsecured content into the https page without each user having to check "yes, allow content".
force — 2013-10-21T17:21:43-04:00 — #2
Not really. It's a security measure.
The iframe content will also have to be loaded via HTTPS in order to supress the warning prompt. I'm not 100% sure if the iframe has to also use the same certificate as the main page or not, but from what I recall, I'm pretty sure that may be the case.
coredveloper — 2013-10-21T17:34:15-04:00 — #3
Yeah. Can I load using "//somsite.com" instead of "http://somesite.com". And will it then still prompt for security alert?
dklynn — 2013-10-22T03:52:37-04:00 — #4
What CP described is an intentional security feature coded into browsers.
The only way for you to STEAL the content off the other website and post on yours is to read() the content then output as if it's yours. Frankly, that's PIRACY and frowned upon (ILLEGAL). In other words, link to the other website and let them display their (COPYRIGHT) content.
force — 2013-10-22T09:54:43-04:00 — #5
The iframe could just be an ad or an embedded youtube video and not actually stolen content.
thereddevil — 2013-10-23T01:46:45-04:00 — #6
If you are not able to deliver the content in the iframe across a SSL connection, then you should consider if you really need SSL on your page, since as some of your members has experienced some browsers will throw security errors.
No, it is enough that it is using a valid SSL certificate, it does not need to be the same one as the main page.
dklynn — 2013-10-23T18:02:32-04:00 — #7
Too true! However, the OP did not say what content he will post (as his own?) on his website so the legal implications of using captured content needs to be addressed (to prevent newbies from becoming wannabe pirates).
Once past the legal issue, it's actually a better question as to why SSL is required on a page which "must (?)" display non-SSL content.