1

We have a ASP core web app and the main site is https. We have code in javascript that is opening up a new iframe that is suppose to point to another site that is http. We are giving the window.open function a http:// site, but noticed when it opens, it replaced http with https, which is a problem.

Is there anyway to turn that off? We just want to open it as http. Seems simple enough, but I can't find any information on how to do this.

** Update 1: After some playing around, I decided to try to use Window.open without a target, the modal iframe we were popping this into. It works like its suppose to and opens up as http instead of https.

So now I have to figure out why putting this into the iframe forces that to be https.

the modal looks like this:

<div class="modal fade" id="rangeActiveModal" tabindex="-1" role="dialog" data-keyboard="false" data-backdrop="static">
    <div class="vertical-alignment-helper">
        <div class="modal-dialog vertical-align-center modal-lg">
            <div class="modal-content">

                <div class="modal-body">
                    <iframe name="theFrame"></iframe>
                </div>

                <div class="modal-footer">
                    <button type="button" id="btnRejoinEnvAndHide" name="button" value="Rejoin" class="btn btn-success">Rejoin</button>
                    <button type="button" id="btnStopEnvAndHide" name="button" value="Stop" class="btn btn-danger">Stop</button>
                </div>

            </div>
        </div>
    </div>
</div>

And the call looks like this:

arenaWin = window.open(url, 'theFrame');
Improve this question
4
  • 1
    How do you know the other site isn't doing the HTTP-to-HTTPS redirection? Commented Oct 19, 2019 at 23:27
  • Have you looked at the Network tab of your browser's developer tools window to see the actual requests being made and used the JS debugger to inspect the URI string being passed into window.open? Commented Oct 19, 2019 at 23:28
  • @Dai its not. I tested this by copy and pasting the URL into another tab just to make sure. It remains http. Its definitely the window.open, I just dont know why. Commented Oct 20, 2019 at 1:53
  • @Dai I'm running this through VS debugger, printed out the URL im passing in, and its http:// Commented Oct 20, 2019 at 2:01

1 Answer 1

Reset to default
0

It's very possible to do it:

<button>EXAMPLE.COM</button>

<script>
  document.querySelector('button').addEventListener('click', () => {
    alert('EXAMPLE.COM');
    window.open("http://example.com/", 'theFrame');
  });
</script>

see https://jsfiddle.net/o3n7cd6g/3/

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Unfortunatly we need this to be ran with in the web frame (iframe) and not an external tab/window. It runs fine in its own tab/window, inside an iframe though its locked down. Because our main site is https, the iframe wont allow anything less secure.
that you cant, see: developer.mozilla.org/en-US/docs/Web/Security/Mixed_content

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.