Unsafe iframe (http) on a secure (https) site

Question

Today I translated the site to https , but there were some difficulties with the IFRAME .

One of the pages of the site, with the help of iframe , loads the content of another site that does not have an SSL certificate and that works over http , but due to the fact that https - iframe installed on my site https - iframe does not load.

Firefox Firebug says: "Downloading mixed active content is blocked"

Tell me, is it possible to load an insecure site on a secure site using an iframe or other means?

nörbörnën nörbörnën 3,916 2 gold marks 17 silver marks 27 bronze marks · Accepted Answer · 2015-12-06T19:48:46

If you trust the content of the site in question, then you can try to proxy it through your web server, i.e. the request will be sent to your host, and the web server will proxy the request to the second site and return its response.

In apache, the proxyPass directive is used for this, in nginx proxy_pass is used.

Example for nginx:

 server { listen 443 ssl; ... location = /foreign-iframe { proxy_pass http://foreign.site.ru/test.asp; proxy_read_timeout 30; keepalive_timeout 60; proxy_http_version 1.1; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-SERVER-PORT $server_port; proxy_set_header X-FORWARDED-FOR $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-ARGS $args; proxy_set_header X-REQUEST-URI $request_uri; } }

Unsafe iframe (http) on a secure (https) site

1 answer 1

More articles: