Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

false security warning on login forms within an iframe

  • 1 nzaghachinzaghachi
  • 1 nwere nsogbu anwere nsogbu a
  • 28 views
  • Nzaghachi ikpeazụ nke samuelcolvin

more options

I have a login form which uses an iframe to insulate the password from the rest of the app.

All content both in the parent window and the iframe is loaded over https, however I'm still getting the "This content is not secure..." message.

Why is this?

The iframe is loaded with `sandbox="allow-forms allow-scripts"` eg. without Same-Origin (This is to prevent code running in the parent window introspecting the login form to find passwords).

Could this be the cause of the problem? If so, is it intentional, could it be documented or fixed?

I have a login form which uses an iframe to insulate the password from the rest of the app. All content both in the parent window and the iframe is loaded over https, however I'm still getting the "This content is not secure..." message. Why is this? The iframe is loaded with `sandbox="allow-forms allow-scripts"` eg. without Same-Origin (This is to prevent code running in the parent window introspecting the login form to find passwords). Could this be the cause of the problem? If so, is it intentional, could it be documented or fixed?

All Replies (1)

more options

For some reason my attached screenshot didn't come through the first time, see attached.

URL is https://events.handsupfoundation.org/login/