Reputation: 1148
HTTPS iframe in HTTP page, browser false warnings
I have a facebook tab which is setup with a typical html form, that utilizes mod_rewrite to default to HTTPS because of sensitive data.
When a facebook user (without secured browsing) hits it with HTTP protocol, FF 23 and IE 10.0.9 throw error saying there is a protocol mismatch between the url and iframe(facebook tab). I think this feature was created to catch HTTPS pages with HTTP content on them, but in this case it's the opposite. These browsers don't care. The user has to "opt-in" to allow the rest of the site to load, making the user experience less than enjoyable, mostly because it kills some javascript.
Has anyone experienced this issue. If yes, what was your solution.
Thank you.
Upvotes: 3
Views: 1435
Answers (1)
Reputation: 249
Same Origin Policy as specified in RFC 6454 Subsection 3.2 covers the protocol, host, and domain.
Iow: Sorry, it's as designed.
Upvotes: 1
Related Questions
- Facebook iframe triggers unsecure/secure warning
- How should I resolve this conflict between facebook iframes and browser security?
- Facebook Oauth is failing in Iframe in IE and Firefox
- facebook iframe app is blank when using https
- Facebook Iframe App - prompting for secure content although I have SSL installed?
- https pages in facebook app/iframe
- Facebook iFrame tab problem with secure url (https)
- Facebook and Firefox iFrame error
- Facebook application iframe problem
- IFrame facebook app with httpS