Mixed content in Chrome and IE

107.1k views Asked by At

In my HTTPS enabled site I have added an iframe that should show content from my other site, but it is not working under https.

<iframe  src="//myothersite.com"></iframe>

In Firefox latest version everything works good.

In Chrome, the iframe isn't loaded and in the console I see these two errors

Mixed Content: The page at 'https://mysite' was loaded over HTTPS, but requested an insecure resource 'http://myothersite.com'. 
This request has been blocked; the content must be served over HTTPS.
Failed to load resource: net::ERR_CACHE_MISS

In IE content load incorrectly and I see an alert message; if I click Allow Insecure Content, it loads correctly.

The question is: how I can do that IE and Chrome as in Firefox (load mixed content without any alerts)?

Note: I haven't changed any browser settings.

5

There are 5 answers

4
vtortola On BEST ANSWER

Actually Firefox has started to do the same: How to fix a website with blocked mixed content

It makes sense. If the user access a site using HTTPS is expecting to have a secured experience, and he may not be aware of parts of the application loading under not secure connections. That is the reason why the browser blocks such inconsistency.

You will need to provide HTTPS on myothersite.com.

0
morph85 On

I'm having other complication with CloudFlare, it doesn't load as the file has been cached as http. Just go to CloudFlare and "Purge Everything" in cache tab, or else turn on "Development Mode".

0
RallozarX On

I'm sorry this isn't as technical as the other answers, but I had the same problem linking jsquery like this, and for me it fixed just by changing http:// to https://. It may not work, but it worked for me and it might work for you.

1
Python Basketball On

enter image description here

when i set the url : <a href="http://127.0.0.1:8080/download/1.txt"></a> from a https request, it report error : Mixed Content: The page at 'https://127.0.0.1/index.html' was loaded over HTTPS, but requested an insecure resource 'http://127.0.0.1:8080/download/1.txt'.

This request has been blocked; the content must be served over HTTPS.
Failed to load resource: net::ERR_CACHE_MISS

when i added the target="_blank" to the url: <a target="_blank" href="http://127.0.0.1:8080/download/1.txt">, it works! , it works! it's well known that target="_blank" means opening the linked document in a new window or tab or a new request!

5
JisuKim82 On

Obviously it's best not to have mixed content to prevent MITM attacks but for those who can't control the url this should do the trick:

Change the src="http://linkToUrl.com" to

src="//linkToUrl.com/script.js"