After configuring an existing CRM solution to display some external content inside of IFRAMEs, we had to move the CRM web site from port 80 to SSL. After completing the configuration, we ran into a constant warning message in the browsers:
- Internet Explorer: “Only Secure Content is displayed” with a button to allow all the content to be loaded
- Chrome: “This page includes script from unauthenticated sources” with a link to load the unsafe script
The warning is actually indicating an obvious point: when you are running a web site configured for HTTPS/SSL, it makes sense from a security perspective to not display frames or other content that is not secured. The resolution is extremely simple, just move your custom content to a secured web site. The warnings will go away and the content of the frame will be displayed.
On the flip side, you can display secured content even if your CRM website is not configured for HTTPS.