Mautic Community Forums

HTTPS Focus Item not working on HTTP Pages

Mautic is on HTTPS and so is the focus item JS. When embedded on HTTP pages, keep getting the following error:





Failed to load resource: the server responded with a status of 403 (Forbidden)

Uncaught SecurityError: Blocked a frame with origin “https://mauticinstance.com” from accessing a frame with origin “http://www.xxxxxxx.com”. The frame requesting access has a protocol of “https”, the frame being accessed has a protocol of “http”. Protocols must match.





Need help urgently. Thanks in advance!

Mautic is on HTTPS and so is the focus item JS. When embedded on HTTP pages, keep getting the following error:

Failed to load resource: the server responded with a status of 403 (Forbidden)
Uncaught SecurityError: Blocked a frame with origin “https://mauticinstance.com” from accessing a frame with origin “http://www.xxxxxxx.com”. The frame requesting access has a protocol of “https”, the frame being accessed has a protocol of “http”. Protocols must match.

Need help urgently. Thanks in advance!

Best solution would be to make all your pages https

Second answer here is why:
http://stackoverflow.com/questions/3331548/allowing-http-iframe-to-call-javascript-on-https-parent-frame

Thanks for writing back. Converting all the pages into https is not an ideal task for us right now.

Secondly, my question is the page is http but the JS is https which is creating an issue. The link you shared is not exactly solving our problems.

This is the closest thing I’ve been able to find to your issue: http://stackoverflow.com/questions/1105934/ajax-using-https-on-an-http-page

@namakapur
I would “highly” recommend making the effort to fully switch to all pages being HTTPS, instead of looking for work-arounds. The reasons:
1: Search Positioning - Google, Bing, etc… give higher scores to secure https pages
2: User trust - users have a higher trust of https pages, and more likely to buy
3: Time spent - you will spend just as much time searching for a work-around and implementing it.

If the concern is the cost of SSL for the other domain, just use LetsEncrypt, its free and simple to setup.