1

I have an iFrame in an HTTPS site. This iframe must point to an IP (not specific, there are hundreds of different ones) in HTTP. Currently, it doesn't work: "This request has been blocked; the content must be served over HTTPS" I imagine that one solution would be to use a reverse proxy but I can't find how.

The basic config would be:

HTTPS web server with iframe to HTTP (192.168.1.2)-> Reverse proxy with catch all HTTPS>HTTP (192.168.1.3) -> Device (IP like 192.168.0.x)

How can the proxy receive requests to device IPs since it does not own each of these IPs? How to redirect HTTPS to HTTP on the same IP?

Thanks!

Cu_Irl
  • 11
  • 2

1 Answers1

2

Navigating or redirecting to an HTTP URL in an iframe embedded in an HTTPS page is not permitted by modern browsers, as it's considered mixed content. Chrome for example may block the content with the following message:

Mixed Content: The page at 'your website' was loaded over HTTPS, but requested an insecure resource 'iframe http source '. This request has been blocked; the content must be served over HTTPS.

You will need to redirect the request through some online server, using HTTPS in the iframe to call your server, which will do the final HTTP call and return the results.

Converting the HTTP site to HTTPS will be the best solution, if possible.

For more information see the article What Is “Mixed Content,” and Why Is Chrome Blocking It?

Some browsers have settings for allowing "insecure content", so that such a mixed page can still work, but this is changing rapidly. You will need to research your browser version to find out if such an option exists.

Google posts the page Simple mixed content example! which tries to download a JavaScript script over HTTP, that can be used for testing.

harrymc
  • 498,455