Chromium Embedded Framework Forum

[dreijer]

I'm showing a page that has mixed http and https content, which prevents CEF from loading it. How do I explicitly allow a page to load (just like one can click the shield icon in Chrome)? I've been looking at cef_origin_whitelist.h, but I'm not sure if that's what I need for this.

I found an old post about this (viewtopic.php?f=6&t=799&p=3171&hilit=insecure#p3171), but I'm keeping my fingers crossed about this since it's over a year old.

[magreenblatt]

https://code.google.com/p/chromium/issu ... l?id=81637

Looks like there is a "allow-running-insecure-content" command-line flag.

[dreijer]

How does Chrome allow you to set it on a per-page basis? I'm not too keen on enabling this for all the CEF browser instances in my application, but only very specific ones.

[animesh29]

Did you got a solution for this? Can we configure CEF to allow mixed content?

[HarmlessDave]

https://code.google.com/p/chromium/issues/detail?id=81637

Looks like there is a "allow-running-insecure-content" command-line flag.

Is there a way to set this in program code? With the 3.2272.1998 build of CEFClient should I be doing something like appending it to a CefString or std::string?

Code: Select all

MainContextImpl::MainContextImpl
...
#if defined(OS_WIN)
  command_line_->InitFromString(::GetCommandLineW());

I tried adding this but it had no effect:

Code: Select all

     command_line_->AppendSwitch("allow-running-insecure-content");

We don't control the sites that our browser connects to, and we can't force them to fix mixed-content errors.

For an URL that shows the problem, open http://www.mailvu.com and in CEFClient the debug log will include:

Code: Select all

[0429/131722:INFO:CONSOLE(0)] "Mixed Content: The page at 'https://www.mailvu.com/' was loaded over HTTPS, but requested an insecure script 'http://connect.facebook.net/en_US/all.js'. This request has been blocked; the content must be served over HTTPS.", source: https://www.mailvu.com/ (0)
[0429/131722:INFO:CONSOLE(0)] "Mixed Content: The page at 'https://www.mailvu.com/' was loaded over HTTPS, but requested an insecure script 'http://connect.facebook.net/en_US/all.js'. This request has been blocked; the content must be served over HTTPS.", source: https://www.mailvu.com/ (0)


[magreenblatt]

Is there a way to set this in program code?

Implement CefApp::OnBeforeCommandLineProcessing and call command_line->AppendSwitch("allow-running-insecure-content") when |process_type| is empty.

[HarmlessDave]

That worked perfectly, thanks!

[Plinker1961]

Does the --allow-running-insecure-content switch actually do anything? I'm using CEF 3.2171.2069 and this switch does not make a difference; same "This request has been blocked; the content must be served over HTTPS" error as reported previously. According to https://bitbucket.org/chromiumembedded/ ... g-insecure, I get the impression that support for this flag has not yet been added (even in the latest versions). Anyone have any insights here? Does this flag really work?

NOTE: I have already done what magreenblatt has suggested in OnBeforeCommandLineProcessing

[magreenblatt]

Does the --allow-running-insecure-content switch actually do anything? I'm using CEF 3.2171.2069 and this switch does not make a difference; same "This request has been blocked; the content must be served over HTTPS" error as reported previously. According to https://bitbucket.org/chromiumembedded/ ... g-insecure, I get the impression that support for this flag has not yet been added (even in the latest versions). Anyone have any insights here? Does this flag really work?

As stated in the linked issue the `allow-running-insecure-content` flag likely does not work currently.

[Plinker1961]

That's what it looked like to me as well. I got my hopes up though when a previous response indicated "That worked perfectly".