This article provides information on how to identify issues with embedding pages using SEQTA's 'Classic' portal page editor.
This page contains the following sections:
- Confirming a website is secure (HTTPS)
- About secure connections (HTTPS)
- Websites with 'Mixed content' or insecure content
- Websites that prohibit embedding
- Embedding Google 'sites'
Confirming a website is secure (HTTPS)
To check if a website is secure try access the site directly using the https:// (e.g. https://www.seqta.com.au ). If the site is not available over a secure connection then the web browser will display an error.
If a website is delivered over a secure connection, however there are some elements of that site that are not, then the embedded website may appear correctly on some browsers and not others.
Image below: example of security error
About secure connections (HTTPS)
HTTPS, which stands for Hypertext Transfer Protocol Secure, makes it more difficult to track users. The protocol makes sure the data isn't being transmitted in plain-text format, which is much easier to eavesdrop on.
The difference between HTTP and HTTPS?
HTTP is unsecure and is subject to man-in-the-middle and eavesdropping attacks, which can let attackers gain access to website accounts and sensitive information. HTTPS is designed to withstand such attacks and is considered secure against such attacks (with the exception of older deprecated versions of SSL).
To read more see: http://en.wikipedia.org/wiki/HTTP_Secure
Why are HTTP restrictions in place?
This restriction is applied not only by the SEQTA Suite itself, but also by your web browser: Firefox, Chrome, and Internet Explorer will all block insecure content in a secure context.
You might have already noticed this on a few pages as you browse the web; in Firefox, a small half-shaded shield is displayed to the left of the address bar when Firefox blocks insecure content because of its context.
Why do some sites work even though the URL is not prefixed with HTTPS?
If a website is served over a secure connection, for example the SEQTA website, then regardless of how the address is entered (https://www.seqta.com.au, http://www.seqta.com.au or www.seqta.com.au) it will use the HTTPS protocol.
Can websites that are not delivered over HTTPS be embedded?
No. For a page to be embedded in SEQTA, it must be accessible via HTTPS, with a valid certificate.
Websites with 'Mixed content' or insecure content
If the embedded page has insecure content (HTTP), or has 'Mixed content' (HTTP and HTTPS), then a range of issues may occur. For example:
- Links may not work
- The Portal page may be blank
- A DNS error may be received (as seen in the image below)
- A range of other errors may be generated dependent on the web browser being used.
Some browsers will allow 'mixed content' to be delivered when accessing embedded websites, whereas, some will not (depending on the built in security of the website).
Websites that prohibit embedding
Some websites are set up to prohibit being embedded into another page, for example Google and yahoo. Where this is the case, check the website to see if they have made embed code available or any settings that need to be enabled (eg. Google Calendar has embed code available).
Embedding Google 'sites'
Sites created using Google's Classic sites editor can be embedded into Portal pages. For this to work, the security setting on the Google site 'Allow embedding of your site in other sites' needs to be selected.