I have a webpage from https://creator.zoho.com that contains an iframe. The iframe scr is http://somedomain.example.com (NOTE that it is not https). The iframe content contains scripts for JQuery, SignalR etc.
I get the following behavior across OS and browsers with their default security settings:
Windows
- Internet Explorer - No issues, works fine.
- Chrome - Does not load the iframe context at all (I see the DOM of iframe and it is empty). A shield icon appears on the right of the address bar and on click the message is "the page includes scripts from unauthenticated sources." I have an option "Load unsafe script". I click it and everything is works.
- Firefox - Does not load anything in the iframe. No security indicator nor any warnings.
- Safari - No issues, works fine.
Mac OS
Chrome - Does not load the iframe context at all (I see the DOM of iframe and it is empty). A shield icon appears on the right of the address bar and on click the message is "the page includes scripts from unauthenticated sources." I have an option "Load unsafe script". I click it and everything is works.
Firefox - Does not load the iframe context at all (I see the DOM of iframe and it is empty). A shield icon appears on the left of the address bar and on click the there is a security related message. I have an option "Load unsafe script". I click it and everything is works.
Safari - Does not load the iframe context at all. No security warning. No indication that something is blocked.
Does anyone have a clue as to what is wrong?
After a good amount of Googling, I can came across - https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options - but not very sure if this is a solution for my case for all browsers OR if it is even the right solution for any browser for the situation that I am facing.
Thanks in advance for reading my post.