page - iframe - status
http - http - allowed
http - https - allowed
https- http - not allowed https嵌套http不支持
https- https - allowed
https - https - insecure scripts - not allowed (不安全的脚本 虽然两个都是https,脚本不安全浏览器会阻止)
https - https - inscure images - allowed but the browser will warn
https/http全支持的情况下可以考虑:
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">