来自不同域的SSL iframe和SSL页面 [英] SSL iframe in and SSL page from a different domain

问题描述

立即为所有这些选项设置沙箱是不可行的。所以我呼吁社区寻求帮助。这是一个奇怪的，我只想知道什么会起作用（最重要的是在ie）和什么不会。

Setting up the sandboxes for all these option is not feasible right now. So I am appealing to the community for help. This is a weird one and I just want to know what will work (most importantly in ie) and what wont.

1. Http页面用和包含来自同一域名的https的iframe //没有
   的想法


2. 包含来自其他域名的https的Http页面包含https
   //不知道


3. Https页面包含来自同一域的https和iframe
   //不知道


4. Https页面包含来自不同域的https和iframe
   //不知道


5. Http页面包含来自同一域的http的iframe和//
   知道这个有效


6. Http page with和iframe包含来自不同域的http
   //我知道这有用


7. Https页面包含和iframe包含来自同一域的http
   //怀疑这是否有效


8. Https页面包含和iframe包含来自不同域的http
   //怀疑这是否有效

1. Http page with and iframe containing https from the same domain //no idea
2. Http page with and iframe containing https from a different domain //no idea
3. Https page with and iframe containing https from the same domain //no idea
4. Https page with and iframe containing https from a different domain //no idea
5. Http page with and iframe containing http from the same domain //I know this works
6. Http page with and iframe containing http from a different domain //I know this works
7. Https page with and iframe containing http from the same domain //doubt this works
8. Https page with and iframe containing http from a different domain //doubt this works

请帮忙！在此先感谢。

推荐答案

包含页面和iframe是否在同一个域上并不重要。

Whether the containing page and the iframe are on the same domain or not doesn't really matter.

• 使用<$ c $使用iframe在 http：// 上投放的页面c> http：// 网址：工作正常。


• 在 http：// 上投放的网页使用 https：// 网址的iframe：工作正常，但你赢了'能够确保iframe的安全性。


• 使用iframe使用 https：// 投放的网页 http：// URL：将生成混合内容警告，从而带来潜在的安全风险，应该避免。


• 页面使用 https：// 网址使用iframe在 https：// 上投放：工作正常。用户可能会发现很难检查iframe是否来自他们期望的网站。他们有效地信任包含页面做正确的事情（参见三维安全问题）。

• Page served over http:// with an iframe using an http:// URL: works fine.
• Page served over http:// with an iframe using an https:// URL: works fine, but you won't be able to ensure the security of the iframe.
• Page served over https:// with an iframe using an http:// URL: will generate mixed content warnings, thereby introducing a potential security risk, and should be avoided.
• Page served over https:// with an iframe using an https:// URL: works fine. The users may find it hard to check that the iframe comes from the site they expect. They effectively trust the containing page to do the right thing (see 3-D secure problem).

这篇关于来自不同域的SSL iframe和SSL页面的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！