KB001886

Issue - Content blocked in an iframe

Certain URLs do not display correctly and the browser console error displays. Sites often stop their content from being displayed in an iframe, such as in the content and location services controls. For more information see the article https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options

Resolution

• Use a different site for your solution that doesn't require iframes
• Investigate if there is a supported way to host the site in question

For example, to use Google maps in a content control, you need to use a specific URL and include an API key. For more information see https://developers.google.com/maps/documentation/embed/guide

Issue - Mismatched protocols

The content control does not load because of an HTTPS protocol error. You cannot open HTTP sites from a HTTPS parent site, or vice-versa. For more information see http://javascript.info/tutorial/same-origin-security-policy

Resolution

This is standard browser behavior and applies to any website with an iframe hosted on an SSL page. If you have a parent site that is HTTPS, the iframe URLs (in this case hosted in a content control) must also be HTTPS. 

• Change the site URL in the content control to the matching protocol of the SmartForms site
• Change the SmartForms site to use the protocol matching the host site

It is also possible to change the default behavior of Chrome to allow the insecure content:

• Right click on your Chrome icon
• Choose Properties
• At the end of your target line add the command line flag:
  "C:Program Files (x86)GoogleChromeApplicationchrome.exe" --allow-running-insecure-content

See the following links for more detail: 

• http://www.chromium.org/developers/how-tos/run-chromium-with-flags
• http://stackoverflow.com/questions/14058789/how-to-force-loading-dynamic-insecure-content-in-chrome