Questions tagged [mixed-content]

HTTPS page that includes content retrieved through cleartext HTTP

Mixed content occurs when a document served over HTTPS contains content retrieved through cleartext HTTP. That makes the connection only partially encrypted and vulnerable to man-in-the-middle attacks. Therefore, browsers block such mixed content.

https://w3c.github.io/webappsec-mixed-content/ defines the relevant requirements for browsers.

335 questions

votes

1 answer

If I use an API from a non-SSL website, are browsers required to give a mixed content error?

The title says it all. If I use an API from a non-SSL website, do I know I will I get a mixed content error from browsers? That is, is a mixed-content error for that case what the relevant standards require browsers to do?

ssl mixed-content secure-context

asked Mar 08 '17 at 01:09

bumbleshoot

1,082
2
17
32

votes

1 answer

https, a subdomain and an iframe: Any alternative to purchasing an additional SSL certificate?

I have a website example.com and an SSL certificate for this domain only. No subdomains except www are included. The site is based on Typo3. On example.com/map is an iframe (note the subdomain):