1
Mixed Content: The page at '***' was loaded over HTTPS, but requested an 
insecure resource 'tel: 0612341234'. This content should also be served over HTTPS.

i use a normal tel link: 

 <a href="tel:072 123456">072 123456</a>

I realy like to serve the content over HTTPS, is there a good solution to fix this warning. Also breaks the green secure lock on the page.

it happens when click on the tel link. it only happens when in iframe.

Put the code below in iframe and click on the link, then te page will loose secure icon and shows the above message in dev console (CHROME)

<script src="https://code.jquery.com/jquery-2.2.4.min.js"
integrity="sha256-BbhdlvQf/xTY9gja0Dq3HiwQF8LaCRTXxZKRutelT44="
<body>
<div id='test'>
    </div>
<script >
    $('#test').html('<a href="tel:012222222">tel link </a>');
    </script>
</body>

Looks like a bug to me.

Richi
  • 100
  • 8
  • 3
    How exactly do you get that error message? It doesn't make any sense, `tel:` has nothing to do with HTTP, it isn't even a network protocol. – Álvaro González Jul 09 '18 at 09:06
  • Sounds more like you have an invalid certificate if the lock is not green – Pete Jul 09 '18 at 09:14
  • for me also very strange, it is the message in google dev console. I get the html output via ajax. When i remove the phone link the page is secure again. So no problems with cert – Richi Jul 09 '18 at 09:16
  • Alright. Could you maybe share the code that triggers the error? – Álvaro González Jul 09 '18 at 09:17
  • i did edit the question. – Richi Jul 09 '18 at 09:46
  • Does that code resemble the real thing? There's no AJAX involved (which might be the key) and I cannot reproduce it on latest Chrome (67.0.3396.99 Win64). – Álvaro González Jul 09 '18 at 10:10
  • @ÁlvaroGonzález yes it does resemble the real thing. i found out it happens also in pure html. so have nothing to do with js/ajax. create a page with iframe and load a page in it with a tel: link. then click on it and you see security is broken. – Richi Jul 09 '18 at 10:21
  • Alright... It happens when you click on the link. Do you have an application registered as handler for `tel:` links? What's your operating system? – Álvaro González Jul 09 '18 at 11:06
  • i use win 10, and skype. But users (visitors) don't have all the same os. I did try this on edge , also on 2 other systems and on my android phone. all the same problem. after click the site is unsecure. – Richi Jul 09 '18 at 11:53
  • The thing is that I cannot reproduce it in my Win10 box with any browser (I don't have any handler for `tel:` so I get prompted every time). But it may be because my test code (wrote by me) does not exhibit this behaviour. Are you able to reproduce it with code you can put in a runnable snippet so we all have the same (actual) code? – Álvaro González Jul 10 '18 at 06:14
  • After you are prompted, you will see that the URL is no longer secure. I have placed the above code in the main explanation (use it in iframe). It seems to be a unsecure call when from iframe, have to live with it for now. Thanks for your time Alvaro. I mark your first commend as usefull becouse it should be like that – Richi Jul 10 '18 at 10:09
  • Alright, I was finally able to reproduce it. All you need is `tel link` inside an ` – Álvaro González Jul 11 '18 at 06:53
  • 2
    Possibly related to this one: [mailto link not working within a frame chrome (over https)](https://stackoverflow.com/questions/19234680/mailto-link-not-working-within-a-frame-chrome-over-https). Same solutions apply (I've verified `target="_top"`). – Álvaro González Jul 11 '18 at 06:58
  • Lol, you are a real go-getter :) This works, Thanks a lot. please answer the question so i can accept it. – Richi Jul 11 '18 at 09:45
  • Possible duplicate of [mailto link not working within a frame chrome (over https)](https://stackoverflow.com/questions/19234680/mailto-link-not-working-within-a-frame-chrome-over-https). There's a lot of good info in the other question, it's better to just link to it. – Álvaro González Jul 11 '18 at 10:55

0 Answers0