Force browsers to load unsecured content

coredveloper · October 21, 2013, 8:42pm

I have an existing iframe application (php) that pulls in another web address. The problem is that the iframe is being utilized on an https site and pulling in a http site. Everything was working great but now some people are experiencing the browser blocking unsecured content and it just loads a white page rather than the pulled in content.

Is there a way to force browsers to load unsecured content into the https page without each user having to check “yes, allow content”.

force · October 21, 2013, 9:21pm

Not really. It’s a security measure.

The iframe content will also have to be loaded via HTTPS in order to supress the warning prompt. I’m not 100% sure if the iframe has to also use the same certificate as the main page or not, but from what I recall, I’m pretty sure that may be the case.

coredveloper · October 21, 2013, 9:34pm

Yeah. Can I load using “//somsite.com” instead of “http://somesite.com”. And will it then still prompt for security alert?

dklynn · October 22, 2013, 7:52am

cd,

What CP described is an intentional security feature coded into browsers.

The only way for you to STEAL the content off the other website and post on yours is to read() the content then output as if it’s yours. Frankly, that’s PIRACY and frowned upon (ILLEGAL). In other words, link to the other website and let them display their (COPYRIGHT) content.

Regards,

DK

force · October 22, 2013, 1:54pm

The iframe could just be an ad or an embedded youtube video and not actually stolen content.

TheRedDevil · October 23, 2013, 5:46am

If you are not able to deliver the content in the iframe across a SSL connection, then you should consider if you really need SSL on your page, since as some of your members has experienced some browsers will throw security errors.

No, it is enough that it is using a valid SSL certificate, it does not need to be the same one as the main page.

dklynn · October 23, 2013, 10:02pm

Too true! However, the OP did not say what content he will post (as his own?) on his website so the legal implications of using captured content needs to be addressed (to prevent newbies from becoming wannabe pirates).

Once past the legal issue, it’s actually a better question as to why SSL is required on a page which “must (?)” display non-SSL content.

Regards,

DK