I have created a link to a Q&A and clicked “Allow to show in an iframe”.
When I include the iframe on a page served over https then the browser gives an error:
Mixed Content: The page was loaded over HTTPS, but requested an insecure frame ‘Clause9’. This request has been blocked; the content must be served over HTTPS.
The magic link that was created was a https url, however when I request the url via curl I can see that the https redirects to a http url:
* Request completely sent off
< HTTP/2 302
< alt-svc: h3=":443"; ma=2592000
< cache-control: no-cache, must-revalidate
< content-type: application/octet-stream
< date: Tue, 25 Mar 2025 12:00:32 GMT
< location: http://sandbox.clausebase.com/app/qna
I think it is this https → http redirect that is preventing the iframe from being embedded.
If I embed the iframe in a page that is served over http then the embedded iframe loads and works as expected.
My initial hunch was that it was perhaps related to the fact that you’re using the Sandbox, but when I did a quick test, everything seemed to work.
Do I understand correctly that you’re trying to directly refer to /app/qna ? Because that will not work; instead, you need to generate an URL at /ml/... using the /document_login_url endpoint of the REST API.
For security reasons, I’ll send you a small sample file over email to test whether some sample URL is working.