Squarespace IFRAME not working? This is probably why..
More in Plugins, Scripting and Styling
When an IFRAME embedded in a code block does not work on a Squarespace website the problem is usually that the embed IFRAME code is unsecure ( the IFRAME url begins with http:// ) and the page that contains the IFRAME code is secure (url begins with https://).
What’s the difference between https: and http:?
- Urls that begin with http are not securely encypted. Any data they pass back to their server is in plain text format. This means that they could potentially run malicious scripts or be exploited by hackers.
- Urls beginning with https are securely encrypted. This means that their contents, and any data they pass back to their server (such as form submissions) cannot be easily read if they are intercepted by hackers.
So why don’t http: IFRAMEs load on https: Squarespace sites?
Firstly, this isn’t a bug in Squarespace; it’s a security feature that is built into web browsers.
If a person visits a secure https page they expect all the content on that page to be secure. An embedded http: page would not be secure and so the holding page’s security could be bypassed.
For this reason web standards dictate that any content embedded into a securely encrypted page must also be secure.
How can I get my http: iframe code to work?
Here are two possible fixes is your Squarespace IFRAME is not working :
- You could disable SSL security and run your Squarespace website on an http connection. The iframe won’t be visible when logged in to admin ( because it’s https) but will be ok on the customer facing URL (because customer facing URL and iframe URL are both http).
- Find out if there is a secure (https) version of the IFRAME embed url and use that. Both the main site and embedded IFRAME page will be https and the embed will work.
Of these two solutions the second is preferable as it does not involve reducing site security for the sake of a single embedded section.