6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"HTTP iframe on HTTPS page\",\"text\":\"

I have a simple question, but can't find the answer that I'm looking for.

\\n\\n

Is a http iframe that's loaded on a secure https page also secured?

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Samuel Hearn\"},\"upvoteCount\":3,\"answerCount\":2,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"

It is not automatically, you should verify if the src of your iframe is connecting via https or not:

\\n\\n

<iframe src=\\\"http://www.example.com\\\"></iframe> \\n

\\n\\n

your iframe doesn't extend the https access from principal page.

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Aymanadou\"},\"upvoteCount\":0}}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","http",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/http/1","children":"http"}]}],["$","span","iframe",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/iframe/1","children":"iframe"}]}],["$","span","https",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/https/1","children":"https"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/ad2b74ab3ba8d186fa4bc5f90d27427a?s=256&d=identicon&r=PG","alt":"Samuel Hearn","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/1170899/samuel-hearn","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Samuel Hearn"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",45]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"HTTP iframe on HTTPS page"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

I have a simple question, but can't find the answer that I'm looking for.

\n\n

Is a http iframe that's loaded on a secure https page also secured?

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",3]}],["$","p",null,{"children":["Views: ",11071]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",2,")"]}],[["$","div","31302292",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://i.sstatic.net/voZVc.png?s=256","alt":"Michael","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/5095594/michael","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Michael"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",11]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

A iframe with http source will not be displayed on a https website as it's considered mixed content and browsers like Chrome will block the content with the following message:

\n\n

\n
Mixed Content: The page at 'your website' was loaded over HTTPS,\n but requested an insecure resource 'iframe http source '. This\n request has been blocked; the content must be served over HTTPS.
\n

\n\n

So far I have not seen a solution to allow mixed content. \nThere has been a solution for Firefox which is based on redirecting the iframe source via another website that is hosted on the HTTPS Domain.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",1]}]}]]}],["$","div","9015893",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/be0b359becd3d11206ab659fcef3ac0a?s=256&d=identicon&r=PG","alt":"Aymanadou","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/771451/aymanadou","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Aymanadou"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",1220]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

It is not automatically, you should verify if the src of your iframe is connecting via https or not:

\n\n

<iframe src=\"http://www.example.com\"></iframe> \n

\n\n

your iframe doesn't extend the https access from principal page.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",0]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","36989836",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/36989836","className":"text-blue-600 hover:underline","children":"Embedded HTTPS site in iframe"}]}],["$","li","43347398",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/43347398","className":"text-blue-600 hover:underline","children":"Embedding HTTP iframe in HTTPS iframe for HTTPS site?"}]}],["$","li","44076151",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/44076151","className":"text-blue-600 hover:underline","children":"Add iframe with jQuery from HTTP to HTTPS"}]}],["$","li","34911001",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/34911001","className":"text-blue-600 hover:underline","children":"HTTPS iframe within an HTTP page, how can I stop that?"}]}],["$","li","2527600",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/2527600","className":"text-blue-600 hover:underline","children":"How to make a page with an HTTPS iframe appear secure"}]}],["$","li","30453241",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/30453241","className":"text-blue-600 hover:underline","children":"HTTP iFrame blank in HTTPS page"}]}],["$","li","27385689",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/27385689","className":"text-blue-600 hover:underline","children":"How to use http:// in https:// using iframe?"}]}],["$","li","27214186",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/27214186","className":"text-blue-600 hover:underline","children":"Viewing IFRAME independent of whether using HTTP or HTTPS"}]}],["$","li","11787038",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/11787038","className":"text-blue-600 hover:underline","children":"create iframe on https sites"}]}],["$","li","4600754",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/4600754","className":"text-blue-600 hover:underline","children":"Using http based IFRAME in https URL"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

HTTP iframe on HTTPS page

Answers (2)

Related Questions