non-ssl iframe on a SSL website

Question

I'm getting an infamous error [SSLpage] was loaded over HTTPS, but ran insecure content from [NonSSLpage]

I am using an <iframe> that holds src with url that begins with itms-service:// which is Apple's OTA protocol.

I have a need of having an SSL website because according to their new, idiotic, rules in iOS 7.1 I must run SSL page in order to download provisioning profile but in the same time I can't load itms-service:// because it's considered insecure. And it's just just a warning, it's just forbidden!

The only solution so far I found is replacing <iframe> with simple anchor <a> but it's a temporary solution and I wish I could make it work like it always did.

http://stackoverflow.com/a/22528146/1902010 says it's the URL **referenced** by `itms-service://` that needs to be HTTPS. What's wrong with the `` solution, though? Requiring HTTPS isn't an "idiotic rule" when dealing with a provisioning profile on devices frequently connecting over public Wifi. — ceejayoz, Apr 10 '14 at 02:14
The referenced url is https and still blocked. The ENFORCEMENT is idiotic. I know that I'm using it only within private network and there's no need for SSL and I hate when someone thinks he knows better. For me it's just another way to force people buying SSL certs from "trusted" CA's. — Mike, Apr 10 '14 at 02:28
The enforcement is to protect **users**. You're out $7 for an SSL. Millions of users are potentially protected from attacks. Apple doesn't own a CA so I'm not sure why you think they'd be interested in driving business to them (especially with their $100 billion bank account). — ceejayoz, Apr 10 '14 at 02:37

non-ssl iframe on a SSL website

0 Answers0