Https and Http for iFrame

Because your server is HTTPS, the only way you can accomplish this is rendering the content on your server or getting the 3rd party to upgrade their server content to HTTPS. It’s just the rule of the Internet.

To fix the mixed content issue, pull all the JS and HTML you need into your own server. It’s a calculator after all right? Does it need a database? If you need permission then talk to the owner and see if there are options.

I would say change all URLS from http:// to // but you actually want to change EVERYTHING to https:// and if it fails… don’t use it.

I’ve faced a similar problem a while back from a video hosting solution. The only way to fix it was to call the company, set the CDN to HTTPS, and re-transcode all videos which forced the content onto the new secure server.

You just can’t embed insecure content into a secure site, for many good reasons…

Why HTTPS for Everything?

Every unencrypted HTTP request reveals information about a user’s behavior, and the interception and tracking of unencrypted browsing has become commonplace. Today, there is no such thing as non-sensitive web traffic, and public services should not depend on the benevolence of network operators. When properly configured, HTTPS can provide a fast, secure connection that offers the level of privacy and reliability that users should expect from government web services.

Prevent mixed content
( google )

Mixed content refers to a webpage where the initial HTML content is loaded over a secure HTTPS connection, but other resources (such as images, videos, stylesheets, scripts) are then loaded over an insecure HTTP connection. This is called mixed content because both HTTP and HTTPS content are being loaded to display the same page, and the initial request was secure over HTTPS. Modern browsers display warnings about this type of content to indicate to the user that this page contains insecure resources.

Mixed content ( mozilla )

When a user visits a page served over HTTPS, their connection with the web server is encrypted with TLS and is therefore safeguarded from sniffers and man-in-the-middle attacks. If the HTTPS page includes content retrieved through regular, cleartext HTTP, then the connection is only partially encrypted; the unencrypted content is accessible to sniffers and can be modified by man-in-the-middle attackers, so the connection is not safeguarded. When a web page exhibits this behavior, it is called a mixed content page.

To check for other mixed content on your site you can use a service like Why No Padlock?.

Related Posts:

  1. Custom Tumblr theme wont save because of non-https urls?
  2. How to fix “insecure content was loaded over HTTPS, but requested an insecure resource”
  3. Half circle with CSS (border, outline only)
  4. Unblur content inside blurring background div
  5. What character encoding is >?
  6. Setting table column width
  7. What is difference between png8 and png24
  8. How to center an iframe horizontally?
  9. How can I set the default value for an HTML
© 2024 Read For Learn