Configuring your browser to allow mixed content in Experience Manager
If Experience Manager is configured to be secure (HTTPS) but you are trying to edit non-secure content, such as an HTTP page, the browser may block the mixed content. The end user can allow the loading of secure content in this mixed-content scenario, but you can also configure the end user's browser to always allow mixed content. RWS does not recommend this because it compromises security for all secure sites with non-secure content.
About this task
If Experience Manager is a secure website accessed through the HTTPS protocol, the browser will block the webpage itself if that webpage is non-secure (HTTP protocol). Similarly, a non-secure (HTTP) Custom Page will not be displayed by the browser if Experience Manager itself is secure (HTTPS).
Browsers offer a way to allow the loading of the non-secure content, but the end user must continue to do so for every new session. To overcome this problem, you may decide to configure your end user's browser to always allow mixed content. However, none of the supported browsers offer an allowlist, that is, the option to allow mixed content for some websites, but not for others. Be aware that configuring the browser to allow mixed content is a security risk.
Procedure
In Google Chrome, ensure that the executable runs with the following command line switch:
--allow-running-insecure-content.-
In Mozilla Firefox, enter
about:configin the address bar to access the browser's configuration settings. Search for the string "mixed" to find the following settings, and set all of them tofalse:security.mixed_content.block_active_contentsecurity.mixed_content.block_display_contentsecurity.warn_viewing_mixed
In Microsoft Edge, select and in the dialog that opens, select Security. Select Internet and select Custom Level. Scroll to the option called Display mixed content and change it from Prompt to Enable. Click OK and confirm that you want to change this setting. Then click OK to close Internet Options.