How to load the content from HTTP server inside the parent with HTTPS connection
I need to load HTTP content inside HTTPS connection. When I do so, I don't get the content and in the browser consol I get the following error :
The page at 'https://xxx.xxx.xxx.xxx/App/xyz.action' was loaded over HTTPS, but displayed insecure content from 'http://xxx.xxx.xxx.xxx/views/xyz/abc': this content should also be loaded over HTTPS.
Here, the content over HTTP comes from another server. Hence, I cannot use the relative url also.
My HTML code where I need to load HTTP content looks something like this :
<div class='c1' style='width: 1353px; height: 576px;'> <object class='c2' width='1353' height='576' style='display:none;'> <param name='host_url' value='http://xxx.xxx.xxx.xxx/views/xyz/abc' /> <param name='site_root' value='' /> <param name='name' value='mno;pqr' /> <param name='tabs' value='no' /><param name='toolbar' value='yes' /> </object> </div>
I tried looking into solutions but could not find the solution which meet my requirement.
Please help me.
Not sure if it solves your problem but you have a style='display:none;' on the object you are trying to load.
Unless you own both/all servers, you can't assume that just because the page that contains the link was retrieved via HTTPS, that the nested link is available via HTTPS. The server may not be serving on the HTTPS port.
So, assuming the target server isn't yours, and they aren't serving https, then some options are:
- Manually download the plugin and serve it from your own server, if licensing allows it.
Proxy the download through your own HTTPS server, or another that supports it, using Apache's proxy module, for example. This allows you to comply with licensing, while still referencing the object through your secure server, and possibly even aliasing the URL to something simpler. http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
ProxyPass /foo http://foo.remote.com/bar ProxyPassReverse /foo http://foo.remote.com/bar
Create a proxy function with code, in your action/controller/servlet, and replace calls that directly reference the remote server with an HTTPS call to your own. Like https://myserver.com/remoteObjectHandler.aspx and your code will need to transparently connect via HTTPS, then stream the request content from the original server to your client connection.
So, the answer is simple. Just allow your browser to load unsafe script.