SitePoint Sponsor

User Tag List

Results 1 to 7 of 7

Hybrid View

  1. #1
    SitePoint Member
    Join Date
    Oct 2013
    Posts
    21
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Force browsers to load unsecured content

    I have an existing iframe application (php) that pulls in another web address. The problem is that the iframe is being utilized on an https site and pulling in a http site. Everything was working great but now some people are experiencing the browser blocking unsecured content and it just loads a white page rather than the pulled in content.

    Is there a way to force browsers to load unsecured content into the https page without each user having to check "yes, allow content".

  2. #2
    Barefoot on the Moon! silver trophy
    Force Flow's Avatar
    Join Date
    Jul 2003
    Location
    Northeastern USA
    Posts
    4,524
    Mentioned
    51 Post(s)
    Tagged
    1 Thread(s)
    Not really. It's a security measure.

    The iframe content will also have to be loaded via HTTPS in order to supress the warning prompt. I'm not 100% sure if the iframe has to also use the same certificate as the main page or not, but from what I recall, I'm pretty sure that may be the case.
    Visit The Blog | Follow On Twitter
    301tool 1.1.5 - URL redirector & shortener (PHP/MySQL)
    Can be hosted on and utilize your own domain

  3. #3
    SitePoint Member
    Join Date
    Oct 2013
    Posts
    21
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Force Flow View Post
    Not really. It's a security measure.

    The iframe content will also have to be loaded via HTTPS in order to supress the warning prompt. I'm not 100% sure if the iframe has to also use the same certificate as the main page or not, but from what I recall, I'm pretty sure that may be the case.
    Yeah. Can I load using "//somsite.com" instead of "http://somesite.com". And will it then still prompt for security alert?

  4. #4
    SitePoint Wizard TheRedDevil's Avatar
    Join Date
    Sep 2004
    Location
    Norway
    Posts
    1,190
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    If you are not able to deliver the content in the iframe across a SSL connection, then you should consider if you really need SSL on your page, since as some of your members has experienced some browsers will throw security errors.

    Quote Originally Posted by Force Flow View Post
    I'm not 100% sure if the iframe has to also use the same certificate as the main page or not, but from what I recall, I'm pretty sure that may be the case.
    No, it is enough that it is using a valid SSL certificate, it does not need to be the same one as the main page.

  5. #5
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,605
    Mentioned
    19 Post(s)
    Tagged
    2 Thread(s)
    cd,

    What CP described is an intentional security feature coded into browsers.

    The only way for you to STEAL the content off the other website and post on yours is to read() the content then output as if it's yours. Frankly, that's PIRACY and frowned upon (ILLEGAL). In other words, link to the other website and let them display their (COPYRIGHT) content.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  6. #6
    Barefoot on the Moon! silver trophy
    Force Flow's Avatar
    Join Date
    Jul 2003
    Location
    Northeastern USA
    Posts
    4,524
    Mentioned
    51 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by dklynn View Post
    What CP described is an intentional security feature coded into browsers.

    The only way for you to STEAL the content off the other website and post on yours is to read() the content then output as if it's yours. Frankly, that's PIRACY and frowned upon (ILLEGAL). In other words, link to the other website and let them display their (COPYRIGHT) content.
    The iframe could just be an ad or an embedded youtube video and not actually stolen content.
    Visit The Blog | Follow On Twitter
    301tool 1.1.5 - URL redirector & shortener (PHP/MySQL)
    Can be hosted on and utilize your own domain

  7. #7
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,605
    Mentioned
    19 Post(s)
    Tagged
    2 Thread(s)
    Quote Originally Posted by Force Flow View Post
    The iframe could just be an ad or an embedded youtube video and not actually stolen content.
    Too true! However, the OP did not say what content he will post (as his own?) on his website so the legal implications of using captured content needs to be addressed (to prevent newbies from becoming wannabe pirates).

    Once past the legal issue, it's actually a better question as to why SSL is required on a page which "must (?)" display non-SSL content.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator


Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •