Getting http/https protocols to match with <iframe> for

I am trying to use an <iframe> include of a google map, however the console is throwing several errors due to a mismatch, but there is no apparent mismatch, so I'm assuming it must be a function/process on the side of google maps.

Specifically with, there appears to be a change to the script for the iframe, according to this.

The errors in the console is this: ( I am getting at least 30 errors on page load )

Unsafe JavaScript attempt to access frame with URL from
frame with URL

The frame requesting access has a protocol of 'https', the frame being
accessed has a protocol of 'http'. Protocols must match.

Since my site is http and NOT https, and the map url is http, why is the mismatch occuring, and how do I fix this to make them match?


This really is a bug of the embeddable HTML code, created by the standalone Google Maps page ( -> click on link chain button to get the iframe based HTML code). As said by aSeptik in the comments to your question, the corresponding bug report can be found here.

You can avoid that bug if you embed a Google Map using the Maps API. It does make no difference if you use the Maps API directly in your page or within an embedded iframe - both ways work fine.

Here is an example of some other map where I have used the Maps API within an iframe.

And here is an example of your own map using the Maps API - embedded right within the page.

The additional code needed for the Maps API is actually very small:

    <script type='text/javascript' src='//'></script>
    <script type='text/javascript' src=""></script>
    <script type='text/javascript'>
            var myOptions = {
                center: new google.maps.LatLng(35.201867,-80.836029),
                zoom: 10,
                mapTypeId: google.maps.MapTypeId.ROADMAP
            gMap = new google.maps.Map(document.getElementById('map_canvas'), myOptions);

            var kmlLayer = new google.maps.KmlLayer('');
    <div id="map_canvas" style="width: 400px; height: 400px;"></div>

I have used jQuery here for convenience.

Adding the attribute crossorigin="anonymous" to the </iframe> solves the issue:



Cant say about the bug that aSeptik mentioned, but if you want to avoid the http/https issue simply dont write it in the URL.

Eg: Instead of writing '' which will result in the warning you received, write '//', this will automatically take the current sessions scheme (http/https) and make the API call.

Hope this helps.

Need Your Help

How to resolve ALL conflicts using HEAD, with any mergetool

git git-merge opendiff

So for some reason I'm getting a lot of conflicts with a new merged hotfix. The file that was actually [manually] changed has no conflict.

Good Java property files editor

java ide resources properties editor

I work on an open-source Java project, and we have a lot of resource property files that contains localizable message resources. Those files are translated by volunteers to 20+ languages, and I'm a