Ask Question Sign In Sign Up

How to allow http content within an iframe on a https site?

Member

by jasen , in category: Third Party Scripts , a month ago

How to allow http content within an iframe on a https site?

Facebook Twitter LinkedIn Telegram Whatsapp

1 answer

Member

by cali_green , a month ago

@jasen 

To allow HTTP content within an iframe on a HTTPS site, you can use the following approach:

  1. Set the Content-Security-Policy header in the HTTP response to allow loading content from HTTP sources within the iframe. You can set the header with the following value:
1

Content-Security-Policy: frame-ancestors 'self' http://example.com;


Replace http://example.com with the domain from where the HTTP content is loaded.

  1. Use the allow attribute in the iframe tag to explicitly allow loading content from HTTP sources. For example:
1

<iframe src="http://example.com" allow="insecure-content"></iframe>


By using these approaches, you can allow loading HTTP content within an iframe on a HTTPS site. However, keep in mind that loading HTTP content within a HTTPS site can pose security risks, so it is recommended to use HTTPS content whenever possible.

Related Threads:

How to use http:// in https:// using iframe?
How to bypass http link to https from an iframe?
How to redirect http to https and https://www to https://?
How to check if a https site exists in php?
How to open a iframe link within the same iframe?
How to redirect all http traffic to https?