Forum Sidebar

Discussion boards

HTTPS/SSL

sremondi
Joined: 09/30/2013
Posts: 2

HTTPS/SSL

3
Started: 12/16/2013

Hi,

I'm embedding my mindmap using an iframe on a secure server. I can't change this (ugh, iframes) because this is what my boss mandates.

However, mind42 doesn't support https. When you go to https://mind42.com, it redirects to http://mind42.com.

So this isn't a problem with IE, FF, or Safari. However, Chrome absolutely won't let you embed a non SSL page inside of an SSL page (to simplify that a bit but that is the general idea).

The mindmap itself works in every browser, but not embedded in my SSL page.

Has anyone run into this and found a workaround? As far as I can see, Chrome is too secure and there isn't a workaround. IE asks the user if they want to continue, but Chrome just blocks the mindmap. Or, are there any plans to make an ssl side to this site?

I don't know if this goes under questions or feature requests or what because it's kind of all three.

Thanks thanks thanks!!!

sremondi
Joined: 09/30/2013
Posts: 2
Posted: 12/16/2013

Amusingly I just found the sticky under feature requests for https, and the answer was that https won't be offered because they need to have http ads and don't want certificate errors. Which is the exact opposite of my problem. Agh! Is there anything at all I can do??

Stefan Schuster
Joined: 02/20/2007
Posts: 221
Posted: 12/17/2013

You are right, that's exactly the opposite problem. There have been new developments since I posted this, and ads for HTTPS would be available now, but from what I've read it seems that it would result in lower adviews and therefore income because not all ads are available in HTTPS. So we have to test this first before we change that.

The other reason we currently stick to HTTP (besides signup, login and settings) is the way Mind42 uses images. Currently whenever a user adds an image into a mind map it's directly loaded from the source - which could be HTTP as well. If we want to switch to HTTPS we would have to proxy those images over HTTPS to avoid mixed content warnings as well.

But I've found a support article from Zendesk, who have similar problems (https://support.zendesk.com/entries/27879356-iFrames-issues-Chrome-and-FFox-security-updates). There it says that there should be a shield icon in the address bar, that causes the page to reload and show such HTTP iframes.

WeendieGames
Joined: 02/28/2015
Posts: 1
Posted: 03/28/2015

This may be a feature for paid users..


Sign in or sign up to reply