-1

We have an SSL content management (vendor) site that is embedded in salesforce via iframe. The vendor has permalinks for a certain subset of pages. We simply have the full link https://test.com/portals/default.asp?perm=2421. Very simple... User clicks on it in Chrome or FF... boom link doesn't work and spits out the mixed content error below. I know this is a vendor issue but how can a browser detect it is going to an http page when the link is https and the final page they would be take to is https?

Mixed Content: The page at 'https://na2.salesforce.com/servlet/servlet.Integration?lid=01r400000001jzz&…15MHlOVlF4TmpveU1Eb3lNQzR5TlRSYSwxSTVmT0xTdzlpNTQ0c2FTTWdWT1JqLFlXWmtNR0po' was loaded over HTTPS, but requested an insecure resource 'http://test.com/portals/default.asp'. This request has been blocked; the content must be served over HTTPS.

blankip
  • 340
  • 5
  • 18

1 Answers1

0

You are on an https webpage ( https://na2.salesforce.com ) and try to load an http ressource ( 'http://test.com/portals/default.asp ).

Most browser block it for security reason (even if the http request will redirect to https).

Tom
  • 4,666
  • 2
  • 29
  • 48
  • No I am loading - https://test.com/portals/default.asp?perm=2421 - wondering why current browser cares how it is getting parsed. – blankip Mar 22 '16 at 19:28
  • could you eventually provide the real url to check it? – Tom Mar 22 '16 at 20:16
  • It is behind SSO so you wouldn't be able to get to it. – blankip Mar 22 '16 at 20:50
  • https://developer.mozilla.org/en-US/docs/Security/Mixed_content/How_to_fix_website_with_mixed_content and http://stackoverflow.com/questions/3920206/how-can-you-tell-exactly-what-insecure-items-are-causing-a-browser-to-warn-about may help you find the root problem – Tom Mar 22 '16 at 20:57