ssl - Insecure content in iframe on secure page

Question

I'm in the in the process of developing an application for a client, which will have an SSL certificate and be served under https. However, to integrate with their existing site they want to provide their navigation inside an iframe.

I can see this causing trouble, as I'd expect the browser to complain about the mix of secure and insecure content on the page. I've had a look at similar questions on here and they all seem to refer to this the other way round (secure content in the iframe).

What I'd like to know, then, is: will it cause issues to have insecure content included inside an iframe, placed on a secure page , and if so what sort of problems would they be?

Ideally if it's not a good idea (and I have a strong feeling that it isn't) I need to be able to explain this to the client.

Answer 1

If your page is http then it allows iframe with https content.

But if your page is https then it does not allow http content.

Lets put down following possibilities.

page - iframe - status

http - http  - allowed
http - https - allowed
https- http  - not allowed
https- https - allowed