Title: iFrame and Embed widget may show an empty frame if you try to include insecure (http) content in a secure (https) TeamPage server page

Dec 2013: Modern Web browsers are getting much more security conscious about what they are willing to display in the context of a secure, trusted page. This is a good thing, but can lead to unexpected results when you use TeamPage iFrame and Embed widgets to show content defined by an external link that uses the less secure default http protocol to pull content into a TeamPage server that uses the more secure, encrypted https protocol. Depending on your browser, you may see an empty frame where content should be, like the screenshot below which tries to use the TeamPage Embed widget to show a SlideShare presentation inline:



The problem is that TSI's corporate TeamPage server - where you're reading this FAQ - uses https to encrypt all content including the password you type to connect to this server, but the SlideShare site uses the less secure http method to show slide decks inline. SlideShare also allows you to "embed" code for a slide deck and paste it into the HTML content of a page directly or using a widget like TeamPage Embed. The SlideShare embed code uses http rather than https URL's to reference the slide deck content.

If you review the embed code from SlideShare when you paste it into the TeamPage Embed widget, and manually change each http reference to https, Chrome will happily shown the slide deck inline, like so:



This trick may not work for all sites - some just don't support https - but if you see an empty frame:

1) Is your TeamPage server using https serve its content ? Look at the URL address bar in your browser.

2) Are your attempting to shown content from a site that's addressed using http? Look at the browser or embed code.

3) Does manually changing the TeamPage IFrame or Embed widget URL address references from http to https work?

You may be able to change your Web browser's security settings to allow it to show less secure http content embedded in more secure https pages, but that can open you up to potential security or malware problems.



Attachments:
empty-iframe-https-faq-5Dec2013.jpg
https-content-iframe-5Dec2013.jpg
Related Articles
Article: Support3124 (permalink)
Categories: :Doc:FAQ
Date: December 5, 2013; 5:44:17 PM Eastern Standard Time

Author Name: Greg Lloyd
Author ID: grl