0

What are circumstances under which HTTPS resources (scripts? images? videos? iframes?) will fail to load inside of an HTTP page? The files are being served from IIS 8.5, and the problem occurred on multiple browsers. When the files are sent as HTTP, the page works properly.

I know the reverse (HTTP files onto HTTPS page) can be problematic for security reasons, but that shouldn't apply here, right?

Also, is it correct that Same Origin Policy only applies when scripting across multiple pages, and shouldn't affect files loading from the same server onto a single page?

Foo Bar
  • 161
  • 8

1 Answers1

1

HTTPS resources will not load inside of a HTTP page for a variety of reasons some would be when:

  • The SSL certificate is not valid *confirm the root, intermediate are correct also.
  • The encryption protocol is not negotiated properly between the browser and the server, this is a rare error.

(edit) The protocol does impact the same origin page. You can serve a different site on a different protocol on the same system. Tested in Apache.

illandous
  • 157
  • 6