{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 疯言疯语 的问题《SSL iframe in and SSL page from a different domain》','https://www.manongdao.com/q-1316444.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Setting up the sandboxes for all these option is not feasible right now. So I am appealing to the community for help. This is a weird one and I just want to know what will work (most importantly in ie) and what wont.
- Http page with an iframe containing https from the same domain //no idea
- Http page with an iframe containing https from a different domain //no idea
- Https page with an iframe containing https from the same domain //no idea
- Https page with an iframe containing https from a different domain //no idea
- Http page with an iframe containing http from the same domain //I know this works
- Http page with an iframe containing http from a different domain //I know this works
- Https page with an iframe containing http from the same domain //doubt this works
- Https page with an iframe containing http from a different domain //doubt this works
For better reading ;)
╔═════════════════════╦═══╦═══════════════╦══════════════════╦═══════════════════╗
║ Page with an iFrame ║ c ║ inside iFrame ║ domain ║ works? ║
╠══════════╦══════════╣ o ╠═══════╦═══════╬══════╦═══════════╬═══════════════════╣
║ http ║ https ║ n ║ http ║ https ║ same ║ different ║ ║
╠══════════╬══════════╣ t ╠═══════╬═══════╬══════╬═══════════╬═══════════════════╣
║ X ║ ║ a ║ ║ X ║ X ║ ║ no idea ║
╠══════════╬══════════╣ i ╠═══════╬═══════╬══════╬═══════════╬═══════════════════╣
║ X ║ ║ n ║ ║ X ║ ║ X ║ no idea ║
╠══════════╬══════════╣ i ╠═══════╬═══════╬══════╬═══════════╬═══════════════════╣
║ ║ X ║ n ║ ║ X ║ X ║ ║ no idea ║
╠══════════╬══════════╣ g ╠═══════╬═══════╬══════╬═══════════╬═══════════════════╣
║ ║ X ║ ║ ║ X ║ ║ X ║ no idea ║
╠══════════╬══════════╣ ╠═══════╬═══════╬══════╬═══════════╬═══════════════════╣
║ X ║ ║ ║ X ║ ║ X ║ ║ I know this works ║
╠══════════╬══════════╣ ╠═══════╬═══════╬══════╬═══════════╬═══════════════════╣
║ X ║ ║ ║ X ║ ║ ║ X ║ I know this works ║
╠══════════╬══════════╣ ╠═══════╬═══════╬══════╬═══════════╬═══════════════════╣
║ ║ X ║ ║ X ║ ║ X ║ ║ doubt this works ║
╠══════════╬══════════╣ ╠═══════╬═══════╬══════╬═══════════╬═══════════════════╣
║ ║ X ║ ║ X ║ ║ ║ X ║ doubt this works ║
╚══════════╩══════════╩═══╩═══════╩═══════╩══════╩═══════════╩═══════════════════╝
Please help! Thanks in advance.
I had the same problem and found a workaround working fine for me and my project:
Instead of using an iframe I use a popup-window (javascript window.open) where I place the iFrame. Before opening the popup-window I check if the SRC at the iframe starts with https. If so, I open the popup-window with https else I open the popup-window with http.
Hope this info will help some of you :-)
Whether the containing page and the iframe are on the same domain or not doesn't really matter.
http://with an iframe using anhttp://URL: works fine.http://with an iframe using anhttps://URL: works fine, but you won't be able to ensure the security of the iframe.https://with an iframe using anhttp://URL: will generate mixed content warnings, thereby introducing a potential security risk, and should be avoided.https://with an iframe using anhttps://URL: works fine. The users may find it hard to check that the iframe comes from the site they expect. They effectively trust the containing page to do the right thing (see 3-D secure problem).