We have a website which provides referral options for healthcare providers via digital signature. We are upgrading our website security policy to not redirect to the third-party website for esignature. Instead of redirecting to the third-party website, we are trying to embed the third-party website inside our website for esignature.

Now the technical question:

We are using an iFrame to embed the third-party website. We have a custom third-party link for each signature, which needs to load in this iFrame.

Our website is on HTTPS and the third-party site is also on HTTPS.

We are getting the error below even though the third-party URL used is on HTTPS:

 **The page at 'https://mywebsite.com/' was loaded over HTTPS, but requested an insecure resource 'http://MyThirdPartyIntegratedWebsite' This request has been blocked; the content must be served over HTTPS**

A URL is formed for each user, customized for his signature:

    $scope.detailFrame = 'https://MyThirdPartyIntegratedWebsite/userID=123';

Whitelisted the third-party website too:

    $sceDelegateProvider.resourceUrlWhitelist([
        // Allow same origin resource loads.
        'self',
        // Allow loading from the third-party e-signature domain.  Notice the difference between * and **.
        'https://MyThirdPartyIntegratedWebsite/**'
    ]);

How to avoid iFrame from calling third-party website insecurely?

  • Q: *“How to avoid iFrame from calling third-party website insecurely?”* A: You can’t. If, as you say, *“we are trying to embed the third-party website inside our website for esignature… we are using iFrame to embed the third-party website”*, then you have no control over what embedded resources that third-party site tries to load. So if that third-party site tries to load an insecure http resource, you can’t avoid it. – sideshowbarker Feb 13 '19 at 23:12
  • I understand the internal redirection cannot be controlled. In my case, before the initial call, I am getting the mixed content error. The initial request itself is converted to an HTTP call. – koushik kuppanna Feb 14 '19 at 19:08

1 Answer

It was actually the internal redirects from the third-party website which were causing the problem. We initiated a call with them to resolve this. Thank you sideshowba
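
One way to confirm the diagnosis in the answer, as an added example that is not part of the original post: walk a redirect chain hop by hop and report the first hop that leaves HTTPS, which is where the browser blocks the frame as mixed content. The redirect table, the paths and the names `traceRedirects` and `makeLookup` are constructed for illustration; in real use `lookup` would issue a request that does not follow redirects.

```javascript
// Build a lookup over a table of { url: { status, location } } entries.
// Keys are normalised with URL so host-name case does not matter.
function makeLookup(table) {
  const byHref = new Map(
    Object.entries(table).map(([url, res]) => [new URL(url).href, res])
  );
  return (href) => byHref.get(href);
}

// Follow redirects manually and stop at the first hop that is not HTTPS.
function traceRedirects(startUrl, lookup, maxHops = 10) {
  const hops = [];
  const seen = new Set();
  let current = new URL(startUrl);
  for (let i = 0; i <= maxHops; i++) {
    const insecure = current.protocol !== 'https:';
    hops.push({ url: current.href, insecure });
    // An HTTPS page may not frame anything fetched over plain HTTP.
    if (insecure) return { hops, verdict: 'blocked-mixed-content', at: current.href };
    if (seen.has(current.href)) return { hops, verdict: 'redirect-loop', at: current.href };
    seen.add(current.href);
    const res = lookup(current.href);
    if (!res) return { hops, verdict: 'unknown-url', at: current.href };
    const isRedirect = [301, 302, 303, 307, 308].includes(res.status) && res.location;
    if (!isRedirect) return { hops, verdict: 'ok', at: current.href };
    // Resolves absolute, relative and protocol-relative Location values.
    current = new URL(res.location, current);
  }
  return { hops, verdict: 'too-many-hops', at: current.href };
}

// Constructed sample chain: the frame URL is HTTPS, but the second
// redirect downgrades to HTTP (hypothetical paths, not the vendor's).
const sampleLookup = makeLookup({
  'https://MyThirdPartyIntegratedWebsite/userID=123': { status: 302, location: '/session/start' },
  'https://MyThirdPartyIntegratedWebsite/session/start': {
    status: 301,
    location: 'http://MyThirdPartyIntegratedWebsite/sign',
  },
  'http://MyThirdPartyIntegratedWebsite/sign': { status: 200 },
});

const result = traceRedirects('https://MyThirdPartyIntegratedWebsite/userID=123', sampleLookup);
for (const hop of result.hops) console.log(hop.insecure ? 'INSECURE' : 'ok      ', hop.url);
console.log(result.verdict, 'at', result.at);
```

The `at` value is the hop to hand to the third party: the redirect that produces it has to be changed on their side, since the embedding page's whitelist only governs the first URL.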