Firefox is serving my site as HTTPs and this is causing an error on the pages where my site has an iframe - what can I do to solve this?
Hi,
We have an application that runs on our site Flagology.com. This iframe application is not secure. On Firefox we have recently noticed that our iframe is not always being served to the customer. See this link: https://www.flagology.com/product/dog-photo-garden-flags/
What other options do we have or what do you recommend to fix this error?
Thank you, Lindsey
Wšě wotmołwy (6)
Your frame src is
http://designer.flymyphoto.com/api_ext.php
which then redirects back to
http://www.flagology.com/wp-content/plugins/woocommerce-realtimedesigner/RTD_templates.php
Since the first server can't handle HTTPS, you're stuck there. Users can make an exception (see attached screen shot), but then Firefox modifies the framed page to
https://www.flagology.com/wp-content/plugins/woocommerce-realtimedesigner/RTD_templates.php
and the images from the other server can't be displayed (woocommerce page uses relative paths so Firefox tries to retrieve them using the same protocol as the framed page).
In short, this part of your site does not work on HTTPS. But why are users getting HTTPS pages instead of HTTP pages?
I don't know if you shop on Amazon much, but they forcibly redirect users from HTTPS to HTTP except during account access and checkout. You might need to do something like that if the intermediary site doesn't support HTTPS.
Hello,
When you have a web page that serves 'Mixed content', where the page itself is served over HTTPS and some part of the page is served over insecure HTTP, Firefox (and other browsers) block the display of the insecure content. The only sensible solution to this problem is to serve everything over HTTPS.
There is an article about this on the Mozilla Developer Network, called 'How to fix a website with blocked mixed content'.
I hope this information was useful.
jscher2000 said
Your frame src is http://designer.flymyphoto.com/api_ext.php which then redirects back to http://www.flagology.com/wp-content/plugins/woocommerce-realtimedesigner/RTD_templates.php Since the first server can't handle HTTPS, you're stuck there. Users can make an exception (see attached screen shot), but then Firefox modifies the framed page to https://www.flagology.com/wp-content/plugins/woocommerce-realtimedesigner/RTD_templates.php and the images from the other server can't be displayed (woocommerce page uses relative paths so Firefox tries to retrieve them using the same protocol as the framed page). In short, this part of your site does not work on HTTPS. But why are users getting HTTPS pages instead of HTTP pages? I don't know if you shop on Amazon much, but they forcibly redirect users from HTTPS to HTTP except during account access and checkout. You might need to do something like that if the intermediary site doesn't support HTTPS.
Hi - by suggesting that we force to HTTP are you suggesting put in a redirect to force HTTP? When I visit Amazon on firefox, it redirects me to HTTPs.
Gert Van Waelvelde said
Hello, When you have a web page that serves 'Mixed content', where the page itself is served over HTTPS and some part of the page is served over insecure HTTP, Firefox (and other browsers) block the display of the insecure content. The only sensible solution to this problem is to serve everything over HTTPS. There is an article about this on the Mozilla Developer Network, called 'How to fix a website with blocked mixed content'. I hope this information was useful.
The developer of the application in the iframe has told us that it is not recommended to serve an iframe over https - is this something you are aware of?
LindseyFlagology said
Hi - by suggesting that we force to HTTP are you suggesting put in a redirect to force HTTP? When I visit Amazon on firefox, it redirects me to HTTPs.
This must be a recent change. For the better, from a privacy perspective. But yes, if your product pages do not work work smoothly on HTTPS, you can redirect to HTTP.
LindseyFlagology said
The developer of the application in the iframe has told us that it is not recommended to serve an iframe over https - is this something you are aware of?
Why not?! Because then you would need to use one of their competitors? HTTPS is the future that is nearly here; they need to get on board.
Update. Sorry I posted without updating the thread first
It works for me ok
- None Secure http://www.flagology.com/product/dog-photo-garden-flags/
- As does none secure http://www.flagology.com/
If someone tries to open it as https, or possibly you have a link or iframe using https then Firefox's Mixed Content Blocking may be triggered e.g.
- https://www.flagology.com/product/dog-photo-garden-flags/
- See Mixed content blocking in Firefox
- Noting end users do get an option to override the block
- Also How to fix a website with blocked mixed content https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content/How_to_fix_website_with_mixed_content
- And How do I tell if my connection to a website is secure?
Wot John99