HTTPS is unreliable as a src for an <iframe> tag.
See an example here :
http://codepen.io/okeul/pen/qboMRQ
It's a problem because with [AMP], HTTPS is mandatory with an iframe.
See the issue in AMP Project :
https://github.com/ampproject/amphtml/issues/1585
Do you think it's possible to support HTTPS in Dailymotion ?
Thanks for your feedback Olivier.
We now fully support HTTPS and have a specific <amp-dailymotion> component.
See here:
https://www.ampproject.org/docs/reference/extended/amp-dailymotion.html
Related
We have a HTTPS website and I need to display a HTTP website (any external website) into my page. The website used iframe for displaying it. We realised that it doesn't work in mozilla firefox. We are getting a "mixed content" error. I am searching for an alternative to iframe now. I understand that it makes no sense to bypass the security warning. We also do not want to change any browser settings as it is possible that all the users may not have permissions to change browser settings. Using tags like <embed> or redirecting in <div> tag also gives the same problem.
Is there any way to do this in C# code and not using HTML and scripting.
Response.redirect() does not work in our application. I do not have a problem if the page is redirected but I prefer a dialog/popup window for the external website to display.
This is simply a security consideration. Your HTTPS site is not truly safe when using mixed content.
Use HTTPS for your external site, period.
As Mozilla suggests:
The best strategy to avoid mixed content blocking is to serve all the content as HTTPS instead of HTTP.
I have a site with HTTPS configured.
My client wants me to embed a youku video. At first the browser blocked the iframe since it had HTTP protocol on it.
I changed it to HTTPS and now youku does not work. It seems youku does not support HTTPS.
is there any way around this?
Perhaps there is a service other than youku that does support HTTPS and is still suitable for that region?
hi,we had supported(sorry for later)
for example:
1
<iframe height=498 width=510 src='https://player.youku.com/embed/XMTg3Nzg4MzY4NA==' frameborder=0 'allowfullscreen'></iframe>
2
https://player.youku.com/player.php/sid/XMTg3Nzg4MzY4NA==/v.swf
3:
<embed src='https://player.youku.com/player.php/sid/XMTg3Nzg4MzY4NA==/v.swf allowFullScreen='true' quality='high' width='480' height='400' align='middle' allowScriptAccess='always' type='application/x-shockwave-flash'></embed>
Youku player serves some resources (like preview images or alternative sources for video) under http, not https - and this might be the main culprit of "partially insecure content" issue in browsers. This problem is caused by Youku player itself, it's quite possible to change the code loaded from their servers.
However, the problem can be solved in most simple and convenient way by rewriting insecure http requests on given page with secure https requests - it possible to achieve this by including CSP meta tag in page header:
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
The "Content-Security-Policy" response header allows to control resources the user agent is allowed to load on given page (more information here).
What "upgrade-insecure-requests" directive does: "Instructs user agents to treat all of a site's insecure URLs (those served over HTTP) as though they have been replaced with secure URLs (those served over HTTPS). This directive is intended for web sites with large numbers of insecure legacy URLs that need to be rewritten."
The original solution was found in this post.
Here's how I make develop a bookmarklet, get the input control value on web page ,
I write a javascript function, add the bookmarklet to my browser, load my test web page, is test the bookmarklet, the result is ok,
but then i test the bookmarklet on HTTPS website ,the bookmarklet can not get the input control value, why? the bookmarklet doesn't work on the HTTPS website?? Is there any way to make the bookmarklet work on https sites?
3 questions :
Why cant you get the input value : there is no reason why it does not work, almost certainly you are looking for the wrong id.
Do bookmarklets work on HTTPS : absolutely, HTTPS is not the problem
Can I make it work on https sites : if you provide a code sample, we might be able to tell you what is wrong with it.
I know this is a pretty old question, but since I came across it while searching for a similar problem, I will add my thoughts. If you wrote your own bookmarklet, this is most likely caused by your bookmarklet trying to access insecure content. If you have other static content that your bookmarklet references on your own server, such as HTML, JS, CSS, or image files, the browser will block that content from loading. This is because of the Same Origin Policy. This question is also discussed in this question. If you, or someone else viewing this is having the same problem, attempt to serve your content up as https or access only other content that is https.
Who knows the issue? It seems Swagger cannot support IE. I deployed Swagger example as following in Tomcat. The example works well in Google Chrome & Firefox.
https://github.com/wordnik/swagger-core/tree/master/samples/no-server
But the example cannot be shown in IE correctly. URL always be directed to tomcat's index page. I have tried to change "localhost" to IP or hostname, but it still cannot work in IE.
Does swagger cannot support IE? Is it a bug?
Input the URL and run in IE
http://localhost:8080/swagger/index.html
Redirect to the URL (always insert # inside)
http://localhost:8080/#swagger/index.html
Thanks for your help.
Swagger's own petstore demo doesn't seem to work in IE either, so I guess it's a problem with the code rather than with your particular installation.
I'm trying to debug my form POST code. Is there any firefox plugin so I can see exactly what the browser is sending (rather than monitor at the server side)?
Firebug? It lets you see HTTP requests and responses on the 'net' tab.
Live HTTP Headers
Fiddler works with IE, Firefox, and many other processes.
try charles, you can monitor IE and FF. Tamper data should also work well
https://addons.mozilla.org/en-US/firefox/addon/966
Get Firebug!, it has everything you need -- or alternatively Live HTTP Headers.
Firebug can do this
You can use firebug and in the network tab see what is posted firebug
There's also HTTP Analyzer