Setting up the sandboxes for all these option is not feasible right now. So I am appealing to the community for help. This is a weird one and I just want to know what will work (most importantly in ie) and what wont.
- Http page with an iframe containing https from the same domain //no
idea - Http page with an iframe containing https from a different domain
//no idea - Https page with an iframe containing https from the same domain
//no idea - Https page with an iframe containing https from a different domain
//no idea - Http page with an iframe containing http from the same domain //I
know this works - Http page with an iframe containing http from a different domain
//I know this works - Https page with an iframe containing http from the same domain
//doubt this works - Https page with an iframe containing http from a different domain
//doubt this works
For better reading π
βββββββββββββββββββββββ¦ββββ¦ββββββββββββββββ¦βββββββββββββββββββ¦ββββββββββββββββββββ
β Page with an iFrame β c β inside iFrame β domain β works? β
β βββββββββββ¦βββββββββββ£ o β ββββββββ¦ββββββββ¬βββββββ¦ββββββββββββ¬ββββββββββββββββββββ£
β http β https β n β http β https β same β different β β
β βββββββββββ¬βββββββββββ£ t β ββββββββ¬ββββββββ¬βββββββ¬ββββββββββββ¬ββββββββββββββββββββ£
β X β β a β β X β X β β no idea β
β βββββββββββ¬βββββββββββ£ i β ββββββββ¬ββββββββ¬βββββββ¬ββββββββββββ¬ββββββββββββββββββββ£
β X β β n β β X β β X β no idea β
β βββββββββββ¬βββββββββββ£ i β ββββββββ¬ββββββββ¬βββββββ¬ββββββββββββ¬ββββββββββββββββββββ£
β β X β n β β X β X β β no idea β
β βββββββββββ¬βββββββββββ£ g β ββββββββ¬ββββββββ¬βββββββ¬ββββββββββββ¬ββββββββββββββββββββ£
β β X β β β X β β X β no idea β
β βββββββββββ¬βββββββββββ£ β ββββββββ¬ββββββββ¬βββββββ¬ββββββββββββ¬ββββββββββββββββββββ£
β X β β β X β β X β β I know this works β
β βββββββββββ¬βββββββββββ£ β ββββββββ¬ββββββββ¬βββββββ¬ββββββββββββ¬ββββββββββββββββββββ£
β X β β β X β β β X β I know this works β
β βββββββββββ¬βββββββββββ£ β ββββββββ¬ββββββββ¬βββββββ¬ββββββββββββ¬ββββββββββββββββββββ£
β β X β β X β β X β β doubt this works β
β βββββββββββ¬βββββββββββ£ β ββββββββ¬ββββββββ¬βββββββ¬ββββββββββββ¬ββββββββββββββββββββ£
β β X β β X β β β X β doubt this works β
ββββββββββββ©βββββββββββ©ββββ©ββββββββ©ββββββββ©βββββββ©ββββββββββββ©ββββββββββββββββββββ
Please help! Thanks in advance.
Whether the containing page and the iframe are on the same domain or not doesn’t really matter.
http://with an iframe using anhttp://URL: works fine.http://with an iframe using anhttps://URL: works fine, but you won’t be able to ensure the security of the iframe.https://with an iframe using anhttp://URL: will generate mixed content warnings, thereby introducing a potential security risk, and should be avoided.https://with an iframe using anhttps://URL: works fine. The users may find it hard to check that the iframe comes from the site they expect. They effectively trust the containing page to do the right thing (see 3-D secure problem).