Getting http/https protocols to match with for

I am trying to use an <iframe> include of a google map, however the console is throwing several errors due to a mismatch, but there is no apparent mismatch, so I’m assuming it must be a function/process on the side of google maps.

Specifically with, there appears to be a change to the script for the iframe, according to this.

The errors in the console is this: ( I am getting at least 30 errors on page load )

Unsafe JavaScript attempt to access frame with URL from
frame with URL

The frame requesting access has a protocol of 'https', the frame being
accessed has a protocol of 'http'. Protocols must match.

Since my site is http and NOT https, and the map url is http, why is the mismatch occuring, and how do I fix this to make them match?

This really is a bug of the embeddable HTML code, created by the standalone Google Maps page ( -> click on link chain button to get the iframe based HTML code).
As said by aSeptik in the comments to your question, the corresponding bug report can be found here.

You can avoid that bug if you embed a Google Map using the Maps API. It does make no difference if you use the Maps API directly in your page or within an embedded iframe – both ways work fine.

Here is an example of some other map where I have used the Maps API within an iframe.

And here is an example of your own map using the Maps API – embedded right within the page.

Read More:   Node + Sequelize: How to check if item exists before adding? (async confusion)

The additional code needed for the Maps API is actually very small:

    <script type="text/javascript" src=""></script>
    <script type="text/javascript" src=""></script>
    <script type="text/javascript">
            var myOptions = {
                center: new google.maps.LatLng(35.201867,-80.836029),
                zoom: 10,
                mapTypeId: google.maps.MapTypeId.ROADMAP
            gMap = new google.maps.Map(document.getElementById('map_canvas'), myOptions);

            var kmlLayer = new google.maps.KmlLayer('');
    <div id="map_canvas" style="width: 400px; height: 400px;"></div>

I have used jQuery here for convenience.

Adding the attribute crossorigin="anonymous" to the </iframe> solves the issue:



Cant say about the bug that aSeptik mentioned, but if you want to avoid the http/https issue simply dont write it in the URL.

Eg: Instead of writing ‘‘ which will result in the warning you received, write ‘//’, this will automatically take the current sessions scheme (http/https) and make the API call.

Hope this helps.

The answers/resolutions are collected from stackoverflow, are licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0 .

Similar Posts