SSL iframe in an SSL page from a different domain

Published 2020-05-23 14:23

Question:

Setting up the sandboxes for all these options is not feasible right now, so I am appealing to the community for help. This is a weird one and I just want to know what will work (most importantly in IE) and what won't.

  1. Http page with an iframe containing https from the same domain //no idea
  2. Http page with an iframe containing https from a different domain //no idea
  3. Https page with an iframe containing https from the same domain //no idea
  4. Https page with an iframe containing https from a different domain //no idea
  5. Http page with an iframe containing http from the same domain //I know this works
  6. Http page with an iframe containing http from a different domain //I know this works
  7. Https page with an iframe containing http from the same domain //doubt this works
  8. Https page with an iframe containing http from a different domain //doubt this works

For better reading ;)

╔═════════════════════╦═══╦═══════════════╦══════════════════╦═══════════════════╗
║ Page with an iFrame ║ c ║ inside iFrame ║      domain      ║       works?      ║
╠══════════╦══════════╣ o ╠═══════╦═══════╬══════╦═══════════╬═══════════════════╣
║   http   ║   https  ║ n ║  http ║ https ║ same ║ different ║                   ║
╠══════════╬══════════╣ t ╠═══════╬═══════╬══════╬═══════════╬═══════════════════╣
║     X    ║          ║ a ║       ║   X   ║   X  ║           ║      no idea      ║
╠══════════╬══════════╣ i ╠═══════╬═══════╬══════╬═══════════╬═══════════════════╣
║     X    ║          ║ n ║       ║   X   ║      ║     X     ║      no idea      ║
╠══════════╬══════════╣ i ╠═══════╬═══════╬══════╬═══════════╬═══════════════════╣
║          ║     X    ║ n ║       ║   X   ║   X  ║           ║      no idea      ║
╠══════════╬══════════╣ g ╠═══════╬═══════╬══════╬═══════════╬═══════════════════╣
║          ║     X    ║   ║       ║   X   ║      ║     X     ║      no idea      ║
╠══════════╬══════════╣   ╠═══════╬═══════╬══════╬═══════════╬═══════════════════╣
║     X    ║          ║   ║   X   ║       ║   X  ║           ║ I know this works ║
╠══════════╬══════════╣   ╠═══════╬═══════╬══════╬═══════════╬═══════════════════╣
║     X    ║          ║   ║   X   ║       ║      ║     X     ║ I know this works ║
╠══════════╬══════════╣   ╠═══════╬═══════╬══════╬═══════════╬═══════════════════╣
║          ║     X    ║   ║   X   ║       ║   X  ║           ║  doubt this works ║
╠══════════╬══════════╣   ╠═══════╬═══════╬══════╬═══════════╬═══════════════════╣
║          ║     X    ║   ║   X   ║       ║      ║     X     ║  doubt this works ║
╚══════════╩══════════╩═══╩═══════╩═══════╩══════╩═══════════╩═══════════════════╝

Please help! Thanks in advance.

Answer 1:

Whether the containing page and the iframe are on the same domain or not doesn't really matter.

  • Page served over http:// with an iframe using an http:// URL: works fine.
  • Page served over http:// with an iframe using an https:// URL: works fine, but you won't be able to ensure the security of the iframe.
  • Page served over https:// with an iframe using an http:// URL: will generate mixed content warnings, thereby introducing a potential security risk, and should be avoided.
  • Page served over https:// with an iframe using an https:// URL: works fine. The users may find it hard to check that the iframe comes from the site they expect. They effectively trust the containing page to do the right thing (see 3-D secure problem).
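
An added example, not part of the original answer: a small Node.js audit helper that sorts each iframe on a page into the four cases listed above and reports same-origin status separately, since it does not change the outcome. The function names, verdict labels, hostnames and sample markup are all constructed for illustration.

```javascript
// Added example: classify each <iframe> against the four cases in the answer.
// Function names, verdict labels and the sample markup are constructed.

// Resolve an iframe src against the parent URL and name the case it falls in.
function classifyFrame(pageUrl, src) {
  const page = new URL(pageUrl);
  let frame;
  try {
    frame = new URL(src, page); // resolves relative and scheme-relative (//host/) URLs
  } catch {
    return { src, verdict: 'invalid-url' };
  }
  const resolved = frame.href;
  if (frame.protocol !== 'http:' && frame.protocol !== 'https:') {
    return { src, resolved, verdict: 'non-http-scheme' }; // about:, data:, ...
  }
  // Reported for information only: the verdict below never depends on it.
  const sameOrigin = frame.origin === page.origin;
  let verdict;
  if (page.protocol === 'https:' && frame.protocol === 'http:') {
    verdict = 'mixed-content';   // https page, http frame: to be avoided
  } else if (page.protocol === 'http:' && frame.protocol === 'https:') {
    verdict = 'insecure-parent'; // frame uses TLS, the page embedding it does not
  } else if (page.protocol === 'https:') {
    verdict = 'secure';          // https page, https frame
  } else {
    verdict = 'plain-http';      // http page, http frame
  }
  return { src, resolved, sameOrigin, verdict };
}

// Pull src attributes out of iframe tags. A regex is enough for auditing
// static markup; it is not a full HTML parser.
function auditIframes(pageUrl, html) {
  const re = /<iframe\b[^>]*?\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  const out = [];
  for (const m of html.matchAll(re)) {
    out.push(classifyFrame(pageUrl, m[1] ?? m[2] ?? m[3]));
  }
  return out;
}

// Constructed sample markup for an https checkout page.
const sampleHtml = `
  <iframe src="http://pay.example.net/form"></iframe>
  <iframe src='//cdn.example.net/widget'></iframe>
  <iframe src="/local/frame.html"></iframe>`;
console.log(auditIframes('https://shop.example.com/checkout', sampleHtml));
```

Frames flagged `mixed-content` are the ones to move to https before the parent page is served over https.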


Answer 2:

I had the same problem and found a workaround working fine for me and my project:

Instead of using an iframe, I use a popup window (JavaScript window.open) where I place the iframe. Before opening the popup window, I check if the SRC of the iframe starts with https. If so, I open the popup window with https; otherwise I open the popup window with http.

Hope this info will help some of you :-)