HTTPS page was not allowed to run insecure content from safari-extension:// URI
I face a strange behavior in a Safari extension with Safari 9.1 (11601.5.17.1). I try to insert a new Iframe with an src pointing to an html file in the extension package using "safari-extension://...".
The URL is correct and the content is displayed in a new tab, if I click on the link from the error message displayed in the console.
[blocked] The page at https:// was not allowed to run insecure content from safari-extension://com.mycompany.myextension-7KZE138RQQ/3d4c3273/js/proxy.js.
It seems the URL with safari-extension scheme is not considered as secured and safari applies "no http in https page" security policy. It used to work before (before what? I don't know.).
Any idea? Could that behavior be changed with a specific Content-security-policy?
Thanks
Answer
You need to configure your safari to display the mixed content,
Follow these steps.
1. Open up Preferences by selecting "Preferences" from the "Safari" menu.
2. Click on the the "Security" (tab) icon near the top of the dialog.
3. Make sure that the "Ask before sending a non-secure form to a secure website" option is unchecked.
Hope this helps!