Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn more

View all

Sign in to view all badges

Embedding "http" URL in "https" site

anushap40132887
Level 4
Level 4

We have a requirement to embed a URL  of a third party site in an Iframe, into our AEM site. The third party URL uses "HTTP" scheme.

Since our site uses “HTTPS” scheme , when the page is loaded, it is prompting for “Load Unsafe script” and the iFrame is rendered only if we accept it.

(We have tried to provide some sample url with “https“ scheme within iFrame, but in that case content is not getting displayed due to “X-FRAME OPTION” header set to “Same Origin” in our site.)

Is there any way to load the content directly in the page without prompting for “load unsafe script” ? Please advise.

6 Replies
kautuk_sahni
Community Manager
Community Manager

Hi 

I am not sure if it is allowed.

But some workarounds i found out are:

1. Create your own redirect script on an https page you control (a simple javascript redirect on a relative linked page should do the trick. Something like: (you can use any langauge/method)

    https://mysite.com That has a iframe linking to...

    https://mysite.com/utilities/redirect.html Which has a simple js redirect script like...

    document.location.href ="http://thenonsslsite.com";

2. "https://www.google.com/search?q=%http://yourhttpsite.com&btnI=Im+Feeling+Lucky"  [use google as the ssl proxy, tested on Firefox]

3. You could add an RSS feed or write some reader/parser to read the http site and display it within your https site.

I also let other community member to comment here.

~kautuk

anushap40132887
Level 4
Level 4

Thanks for your comments.

We will not be able to follow the first approach since we have to embed the URL in our page, not redirect.

Whether the second approach is applicale for "http" scheme? The URL to be embed is in "http".

Jörg_Hoh
Employee
Employee

The problems you are facing are the drawbacks of using an iframe. I see to 2 different options

  • Changing the value of the X-FRAME-OPTION
  • choose a different approach and no longer use an iframe.

Jörg

anushap40132887
Level 4
Level 4

Thanks For your comments.

We cant change the X-FRAME OPTION.

Instead of iFrame, we tried Embed using <object> </object> , but it is also prompting to "load unsafe script".

Please suggest if you have any other options.

vasudevaraog731
Level 3
Level 3

Hi,

Even We are facing the same issue with https any idea how can we fix this?

Arun_Patidar
Community Advisor
Community Advisor

Your only solutions are to either :

  • implement SSL on the server holding your navigation page so you can use https:// for your iframe reference, or
  • move the navigation application to the same server so you can use a relative URL.

Modern browsers doesn't allowed insecure content(serve over HTTP) inside secure pages(HTTPS)