I am trying to use an <iframe>
include of a google map, however the console is throwing several errors due to a mismatch, but there is no apparent mismatch, so I'm assuming it must be a function/process on the side of google maps.
Specifically with maps.google.com, there appears to be a change to the script for the iframe, according to this.
The errors in the console is this: ( I am getting at least 30 errors on page load )
Unsafe JavaScript attempt to access frame with URL http://www.developer.host.com/ from
frame with URL https://maps.google.com/maps/msmsa=0&msid=
212043342089249462794.00048cfeb10fb9d85b995&ie=UTF8&t=
m&ll=35.234403,-80.822296&spn=0.392595,0.137329&z=10&output=embed.
The frame requesting access has a protocol of 'https', the frame being
accessed has a protocol of 'http'. Protocols must match.
Since my site is http and NOT https, and the map url is http, why is the mismatch occuring, and how do I fix this to make them match?
This really is a bug of the embeddable HTML code, created by the standalone Google Maps page (maps.google.com -> click on link chain button to get the iframe based HTML code).
As said by aSeptik in the comments to your question, the corresponding bug report can be found here.
You can avoid that bug if you embed a Google Map using the Maps API. It does make no difference if you use the Maps API directly in your page or within an embedded iframe - both ways work fine.
Here is an example of some other map where I have used the Maps API within an iframe.
And here is an example of your own map using the Maps API - embedded right within the page.
The additional code needed for the Maps API is actually very small:
I have used jQuery here for convenience.
Cant say about the bug that aSeptik mentioned, but if you want to avoid the http/https issue simply dont write it in the URL.
Eg: Instead of writing 'http://maps.google.com' which will result in the warning you received, write '//maps.google.com', this will automatically take the current sessions scheme (http/https) and make the API call.
Hope this helps.
Adding the attribute
crossorigin="anonymous"
to the</iframe>
solves the issue:Example: