On my site, the page, https://www.bowmanvisual.com/client/tools.html has 2 lightboxes. Each contains an iframe. The links within the iframe are https links. One is to an online whiteboard. One is to a JotForms form for uploading files to Dropbox. When the page loads, I have a green lock symbol in Chrome and a simple lock in Safari. When each dropbox is loaded, the shows as “not secured.” The the green lock is replaced on Chrome by a circled “i.” The lock disappears on Safari.
I think the combination of links within a lightbox is being read as mixed content, but both my site and the links are https. How can I fix this?
Ok. These images are hosted on my site and uploaded with all of my other content. So I need to check my files to make sure all linked files are listed as https wherever they occur.
Do you see any issue with my lightbox/iframe links setup? Is this a valid or safe use of an iframe?
The iframe security issues are part of the larger topic of web application security, with which I’m unfortunately not very familiar. It’s kind of a higher layer than HTTPS and cryptography, and I haven’t studied it very much.
There can be options or headers which make the use of iframes safer in some ways, but I don’t know much about them. I would suggest consulting a book or tutorial that introduces web application security. I don’t believe that this issue is related to what’s causing the browser warning in this case; I think the browser warning that you see is all about mixed content, not frames.