Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
950 views
in Technique[技术] by (71.8m points)

ssl - Insecure content in iframe on secure page

I'm in the in the process of developing an application for a client, which will have an SSL certificate and be served under https. However, to integrate with their existing site they want to provide their navigation inside an iframe.

I can see this causing trouble, as I'd expect the browser to complain about the mix of secure and insecure content on the page. I've had a look at similar questions on here and they all seem to refer to this the other way round (secure content in the iframe).

What I'd like to know, then, is: will it cause issues to have insecure content included inside an iframe, placed on a secure page , and if so what sort of problems would they be?

Ideally if it's not a good idea (and I have a strong feeling that it isn't) I need to be able to explain this to the client.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

If your page is http then it allows iframe with https content.

But if your page is https then it does not allow http content.

Lets put down following possibilities.

page - iframe - status

http - http  - allowed
http - https - allowed
https- http  - not allowed
https- https - allowed

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...