Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Mixed content in Chrome and IE

In my HTTPS enabled site I have added an iframe that should show content from my other site, but it is not working under https.

<iframe  src="//myothersite.com"></iframe> 

In Firefox latest version everything works good.

In Chrome, the iframe isn't loaded and in the console I see these two errors

Mixed Content: The page at 'https://mysite' was loaded over HTTPS, but requested an insecure resource 'http://myothersite.com'.  This request has been blocked; the content must be served over HTTPS. Failed to load resource: net::ERR_CACHE_MISS 

In IE content load incorrectly and I see an alert message; if I click Allow Insecure Content, it loads correctly.

The question is: how I can do that IE and Chrome as in Firefox (load mixed content without any alerts)?

Note: I haven't changed any browser settings.

like image 279
vborutenko Avatar asked Nov 26 '14 12:11

vborutenko


People also ask

Does Chrome allow mixed content?

As of July 2020, Chrome has pushed these changes out to users (Chrome version 84 and later), which has resulted in mixed content being blocked and messages related to connections not being secure being thrown in the browser bar. As of January 2021 (Chrome 88) Mixed content of all forms will be blocked in Google Chrome.


1 Answers

Actually Firefox has started to do the same: How to fix a website with blocked mixed content

It makes sense. If the user access a site using HTTPS is expecting to have a secured experience, and he may not be aware of parts of the application loading under not secure connections. That is the reason why the browser blocks such inconsistency.

You will need to provide HTTPS on myothersite.com.

like image 183
vtortola Avatar answered Sep 20 '22 23:09

vtortola