1

If I add the following HTML to a webpage it renders just fine: 

<iframe src="http://website.com" id="#iFrameContainer"style="position:fixed; top:0px; bottom:0px; right:0px; width: 100%; border: none; margin:0; padding:0; overflow: hidden; z-index:999999; height: 100%;">');

However if I do the following jQuery:

$('#iFrameUpdate').replaceWith('<iframe src="http://website.com" id="#iFrameContainer"style="position:fixed; top:0px; bottom:0px; right:0px; width: 100%; border: none; margin:0; padding:0; overflow: hidden; z-index:999999; height: 100%;">');

Same goes for .html(), .innerHTML()... etc

It fails... throwing:

Mixed Content: The page at 'https://mainwebsite.com/' was loaded over HTTPS, but requested an insecure resource 'http://website.com/'. This request has been blocked; the content must be served over HTTPS.

I can't get HTTPS on the iframe source as I don't control that server fully.

Any ideas how to bypass this?

Ryflex
  • 5,559
  • 25
  • 79
  • 148
  • Chrome doesn't allow you to load HTTP resources when it originates from javascript, and produces a warning if it originates from the page request. So unless you host your site on HTTP or reload the page with the correct URL, I don't think there is anything you can do. – dotconnor Mar 19 '19 at 01:28
  • @dotconnor there's no way to authorise the non-HTTPS request via some sort of two way key system? – Ryflex Mar 19 '19 at 02:00
  • the only way I know how to is to have the client allow it: https://stackoverflow.com/questions/18321032/how-to-get-chrome-to-allow-mixed-content – dotconnor Mar 19 '19 at 02:03
  • I'm voting to close this question as off-topic because someone has answered in comments. :( – Ryflex Mar 19 '19 at 02:06

0 Answers0