REMINDER
SOLVED Modal content blocked
-
Hi all!
I'm using a gallery component.
Clicking on a picture in this gallery opens a modal.
This modal contains another page, which is already published.When I open the preview link, and click on the picture, the modal opens but its content won't load / it won't display anything, and I get this error in the console:
"Mixed Content: The page at 'https://visigo-3fe790.appdrag.site/preview/projets-proposition-2.html?from-preview=1&from=projets-proposition-2×tamp=1641832361546' was loaded over HTTPS, but requested an insecure frame 'http://www.visigo.fr/preview/projets-covea.html'. This request has been blocked; the content must be served over HTTPS."Do you have any clue where that could be coming from? And how to fix this?
Thank you!
-
@myriam-mira simple, it seems you are testing from this url
http://www.visigo.fr/preview/projets-covea.html
Instead of
https://www.visigo.fr/preview/projets-covea.html -
@jbenguira Hi! I changed the link to use the link with httpS and it still did not work, I had an error in the modal:
www.visigo.fr refused to connect.but the console told me that X-Frame-Options "SAMEORIGIN" in the http headers were causing that.
So I'm not really sure what the best strategy is if we want to use X-Frame-Options, do you have a recommendation?
Because when I removed it from headers, the modal was working perfectly.
Thanks! -
@myriam-mira indeed X-Frame-Options "SAMEORIGIN" is made to block traffic from iframe from a different origin ...
you either you remove that custom header, or instead you configure it to allow your other origin (the domain when it needs to be accessible)
X-Frame-Options: ALLOW-FROM XXXXXXXXXXX
where XXXXXXXXXXX is the domain to allow access from
-
If anyone needs an easy alternative, read the answer here: https://community.appdrag.com/topic/1157/modal-content-blocked-2-refused-to-connect?_=1668797095679
