A mixed content error occurs when an insecure URL (using http) is embedded on a secure page (https). Credo's content is hosted on a secure server and delivered via https; all links to our content are secure. However, if your proxy server is not secure and uses an http URL, adding your proxy to the Credo URL may cause embed codes to be flagged as “not secure.” If you use an embed code with an insecure source URL, you may find that it displays a blank white frame rather than the expected content.
It may look something like this LibGuides page:
Or like this page in an LMS course:
When this happens, you may see a shield icon that shows a warning about insecure content when your cursor hovers over it.
For example, in Chrome:
And in Firefox:
These dialog boxes will give you the option to display the unsafe content - using this option should display either the proxy sign-in screen (if you are using an off-campus network connection) or the desired Credo content (if you are already logged in to the proxy or if you are on-campus). Since users will not always know to allow this content, there are a few steps you can take to prevent the content from being blocked.
First, check the embed code you are using and find the source URL (the URL of the page you are embedding). If you are seeing this error message, most likely your proxy prefix is using http instead of https.
For example, in this embed code the source URL is in bold, and you can see that the proxy prefix uses http:
<iframe src="http://ez.prod.credoreference.com/login?url=https://frame.credocourseware.com/courses/course-v1:Credo+IL-MOD+2016/xblock/block-v1:Credo+IL-MOD+2016+type@sequential+block@3cf23ca97b24479e9deecf36873b4d4c/" width="100%" height="500" scrolling="yes"></iframe>
Make sure that the embed code uses the most current version of your proxy prefix - it could be the case that your proxy has already been updated to a secure URL, but the embed codes provided by Credo have not been updated.
If you have a more recent proxy prefix, substitute the new prefix into the embed code and see if the same error occurs. If the proxy URL is accurate, you can try using an https instead of http:
<iframe src="https://ez.prod.credoreference.com/login?url=https://frame.credocourseware.com/courses/course-v1:Credo+IL-MOD+2016/xblock/block-v1:Credo+IL-MOD+2016+type@sequential+block@3cf23ca97b24479e9deecf36873b4d4c/" width="100%" height="500" scrolling="yes"></iframe>
If your proxy supports https, using this version will resolve the blank screen issue. You can contact email@example.com to have the list of embed codes on your admin dashboard updated accordingly.
If your proxy does not support https, you will see an error message. If you don't have a version of your proxy prefix that uses https, you may wish to link to the content rather than using embed codes. You may also wish to consult with your proxy admin.
If you're using the embed code within an LMS, you can also contact Credo support (firstname.lastname@example.org) to set up referring URL access for your LMS instance. Referring URL access allows users to authenticate without using your proxy when they are used on certain pages that are already password-protected, like courses within your LMS. This option would allow you to bypass the mixed content error by removing the proxy from the embed code entirely. See Referring URL access for more information.