How to allow http content within an iframe on a https site?

Member

by jasen , in category: Third Party Scripts , 5 months ago

How to allow http content within an iframe on a https site?

Facebook Twitter LinkedIn Telegram Whatsapp

1 answer

by cali_green , 5 months ago

@jasen 

To allow HTTP content within an iframe on a HTTPS site, you can use the following approach:

  1. Set the Content-Security-Policy header in the HTTP response to allow loading content from HTTP sources within the iframe. You can set the header with the following value:
1
Content-Security-Policy: frame-ancestors 'self' http://example.com;


Replace http://example.com with the domain from where the HTTP content is loaded.

  1. Use the allow attribute in the iframe tag to explicitly allow loading content from HTTP sources. For example:
1
<iframe src="http://example.com" allow="insecure-content"></iframe>


By using these approaches, you can allow loading HTTP content within an iframe on a HTTPS site. However, keep in mind that loading HTTP content within a HTTPS site can pose security risks, so it is recommended to use HTTPS content whenever possible.