Mixed content in Chrome and IE

google-chrome security iframe https mixed-content
100,792

Solution 1

Actually Firefox has started to do the same: How to fix a website with blocked mixed content

It makes sense. If the user access a site using HTTPS is expecting to have a secured experience, and he may not be aware of parts of the application loading under not secure connections. That is the reason why the browser blocks such inconsistency.

You will need to provide HTTPS on myothersite.com.

Solution 2

Obviously it's best not to have mixed content to prevent MITM attacks but for those who can't control the url this should do the trick:

Change the src="http://linkToUrl.com" to

src="//linkToUrl.com/script.js"

Solution 3

I'm sorry this isn't as technical as the other answers, but I had the same problem linking jsquery like this, and for me it fixed just by changing http:// to https://. It may not work, but it worked for me and it might work for you.

Solution 4

enter image description here

when i set the url : <a href="http://127.0.0.1:8080/download/1.txt"></a> from a https request, it report error : Mixed Content: The page at 'https://127.0.0.1/index.html' was loaded over HTTPS, but requested an insecure resource 'http://127.0.0.1:8080/download/1.txt'. 

This request has been blocked; the content must be served over HTTPS.
Failed to load resource: net::ERR_CACHE_MISS

when i added the target="_blank" to the url: <a target="_blank" href="http://127.0.0.1:8080/download/1.txt">, it works! , it works! it's well known that target="_blank" means opening the linked document in a new window or tab or a new request!

Share:
100,792
vborutenko
Author by

vborutenko

Updated on March 30, 2020

Comments

  • vborutenko
    vborutenko about 4 years

    In my HTTPS enabled site I have added an iframe that should show content from my other site, but it is not working under https.

    <iframe  src="//myothersite.com"></iframe>

    In Firefox latest version everything works good.

    In Chrome, the iframe isn't loaded and in the console I see these two errors

    Mixed Content: The page at 'https://mysite' was loaded over HTTPS, but requested an insecure resource 'http://myothersite.com'. 
This request has been blocked; the content must be served over HTTPS.
Failed to load resource: net::ERR_CACHE_MISS

    In IE content load incorrectly and I see an alert message; if I click Allow Insecure Content, it loads correctly.

    The question is: how I can do that IE and Chrome as in Firefox (load mixed content without any alerts)?

    Note: I haven't changed any browser settings.

  • vborutenko
    vborutenko over 9 years
    Ok,It make sence if myothersite.com is not my site.But myothersite.com is my site and I can quarantee secure.I thinck browsers should provide such functionality
  • vtortola
    vtortola over 9 years
    You cannot guarantee anything. If the connection is not secure, anybody in the middle can eavesdrop the connection. IFRAMEs are like another browser tab, they use their own connection, and in this case it is insecure.
  • vborutenko
    vborutenko over 9 years
    i agree,but why firefox allow using insecure without any alerts?
  • vtortola
    vtortola over 9 years
    Firefox's mistake. In the link I provided it says it is blocking mixed content from v23.
  • Python Basketball
    Python Basketball over 8 years
    this is in the iframe!
  • towry
    towry over 7 years
    That wont solve the problem that sub http request send by the script.js. Add this <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">.
  • K8sN0v1c3
    K8sN0v1c3 about 5 years
    A combination of using src="//linkToUrl.com/script.js" and adding the suggested meta tag @towry has here solved the issue for me. I believe this is the best answer here.
  • UncaAlby
    UncaAlby over 4 years
    This only works if example.com is set up to accept HTTPS requests. It's pretty much the same thing as changing it from http://example.com to https://example.com. If one fails, they both will.
  • S Gaber
    S Gaber over 3 years
    where do i have to configure this thing?
  • Shurvir Mori
    Shurvir Mori over 2 years
    save my day @JisuKim82

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Unsafe JavaScript attempt to access frame in Google Chrome
"Cannot connect to the real Gmail.com"
Why do some websites show the company name next to the URL?
Force Chrome to Ignore a "weak ephemeral Diffie-Hellman public key”
Why does Chrome hate self-signed certificates so much?
Avoiding NavigatorUserMediaError "Only secure origins are allowed" on HTTP in Chrome
Chrome now blocking all jsonp requests from https to http?
How to get Chrome to allow mixed content?
Why am I suddenly getting a "Blocked loading mixed active content" issue in Firefox?
Change Browser settings by script