Iframing https site on http sites?
Question
I'm about to add an ssl certificate to a rails application hosted on heroku, so I can activate stripe payments.
The main function of our app is to let users create embeddable widgets. The widgets are essentially iframes of the views for the objects they're creating in our rails app.
The vast majority of our users' sites are using http, and I'm concerned that if we switch our app domain to https, the iframed widgets they've embedded would stop working.
Is it possible to have a secured domain name for our app, and let the users embed widgets that iframe parts of the app with source urls using just http?
2 answers
solution1
0 ACCPTED 2015-05-07 14:04:03
You could only enforce SSL on certain routes.
scope constraints: { protocol: "https" } do
# routes you'd like secured
end
Then, don't enable force_ssl for the entire site and the other components should be unsecured.
solution2
0 2016-01-20 21:24:59
An iframe that points to an http:// URL should just get redirected to https:// , so I forsee no problems there.
If you have a form with an action attribute as http://, that could be a problem, as a redirect won't take with it POST data.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.