Now, I know that https site cannot show non-https 3rd party site in an iframe.
But if I get SSL cert for www.mydomain.com and mydomain.com ONLY, can subdomain.mydomain.com show non-https iframe content?
If subdomain.mydomain.com is non-https, it can show non-https iframe content.
The only effect of the https on the parent domain (mydomain.com) is if the parent domain use HSTS (a header that tells the browser to force https) with the option includesubdomains: If that option is activated on the parent domain, then a visitor could be forced to visit subdomain.mydomain.com with https (even if you didn't activate https on it!)
Related
I have a several web sites running on a shared hosted server.
Every site except one I can enter in my browser https://webmail.example.com or http://webmail.example.com and they both work and resolve to the secure or insecure pages accordingly.
On the one site the page resolves correctly for regular http but I get a "404 Not found" error when I try https for the webmail subdomain of that site. https://myexample.com does work for all pages on that site (without the webmail subdomain).
All of the DNS settings are the same for all of the sites. There is a CNAME record webmail.example.com --> examplecom. None of the sites have a "proper" subdomain setup where the subdoman points to a directory, just the DNS setting. The SSL Status reports that the SSL cert for the webmail subdomain is valid.
Im not sure what else to check or how webmail ultimately get pointed to the webmail page.
I have a heroku app running on app.domain.com
I have a different app (strikingly landing page) running on www.domain.com
I turned on cloudflare for my domain.com and want to get SSL working. I've tried the flexible SSL cert.
However, when I request https, I get SSL errors (curl -I gives no alternative certificate subject name matches target host name).
The SSL cert appears to say "Active" on my Cloudflare console, and I've set up Page Routing for http://domain.com to Always use HTTPs
On the DNS page of Cloudflare, I hit the orange icon on the row for www and app to have them "enabled" but then I just get Invalid URL The requested URL "[no URL], is invalid." when hitting the site.
We have an SSL content management (vendor) site that is embedded in salesforce via iframe. The vendor has permalinks for a certain subset of pages. We simply have the full link https://test.com/portals/default.asp?perm=2421. Very simple... User clicks on it in Chrome or FF... boom link doesn't work and spits out the mixed content error below. I know this is a vendor issue but how can a browser detect it is going to an http page when the link is https and the final page they would be take to is https?
Mixed Content: The page at
'https://na2.salesforce.com/servlet/servlet.Integration?lid=01r400000001jzz&…15MHlOVlF4TmpveU1Eb3lNQzR5TlRSYSwxSTVmT0xTdzlpNTQ0c2FTTWdWT1JqLFlXWmtNR0po'
was loaded over HTTPS, but requested an insecure resource
'http://test.com/portals/default.asp'. This request has been blocked;
the content must be served over HTTPS.
You are on an https webpage ( https://na2.salesforce.com ) and try to load an http ressource ( 'http://test.com/portals/default.asp ).
Most browser block it for security reason (even if the http request will redirect to https).
I'm using sipml5 to connect to a sip phone service and one of the setting is the service websocket server URL. the problem is that the server url is not secured (ex. ws://123.123.123.123:9999/ws) and it cannot be accessed on wss://. Because of that, when loading my site on a HTTPS connection, the browser blocks the request automatically, it doesn't behave like it does when loading let's say, an image over http, and then shows a warning.
Error is: [blocked] The page at 'X' was loaded over HTTPS, but ran insecure content from 'ws://....': this content should also be loaded over HTTPS.
I need to know if there is a way to make the browser connect to ws:// even though the page initializing the request is loaded over https.
Please help.
EDIT:
What I'm looking for is a flag or something like that, in Chrome or Firefox for example, which lets the user access insecure resources even though the page is loaded on https.
Why you are using http? You can get an ssl certificate from https://letsencrypt.readthedocs.org/en/latest/intro.html
then add the following details to http.conf
tlsenable=yes
tlsbindaddr=0.0.0.0:8089
tlscertfile=/path-to/cert.pem
tlsprivatekey=/path-to/privkey.pem
I'm using Charles Proxy to rewrite code on website, just for testing a client's site.
Rewriting works on every website, except from sites on https.
Charles has the option to choose the protocol (http or https), but that doesn't work either.
Every rewrite works well on http, not on https.
What am I doing wrong?!
it is best to add a site as *
that way all https sites will show in charles.
when adding the site simply put * instead of domain.com
Double check that the Enable SSL Proxy is ticked and that you have entered the domain in the Proxy > Proxy Settings > SSL section.