I think I may know the answer to this question but I'm actually looking for some hard evidence/link to a statement from Microsoft on why this occurs.
I have a domain name of "www.mycompany.com", which is HTTP. This page soley contains HTML with an iFrame redirecting to "application.anothercompany.com", which is HTTPS. The page that sits on "application.anothercompany.com" contains just a username and password box on the page, plus a login button.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Author" content="">
<meta name="ROBOTS" content="ALL">
<meta name="description" content="">
<meta name="keywords" content="">
<title>My Company Name</title>
</head>
<frameset cols="100%,*">
<frame frameborder="0" src="https://application.anothercompany.com/" >
<noframes>
<body>
Frames not supported.
</body>
</noframes>
</frameset>
</html>
When navigating to "https://application.anothercompany.com", I can successfully login on any browser.
When visiting "http://www.mycompany.com", I cannot login to the other site, presented in an iFrame using Internet Explorer. I can do so however with Safari and Firefox.
To me, I would say it's a feature of Internet Explorer to stop phishing attacks - as far as the user is aware they entering information at "http://www.mycompany.com", not "https://application.anothercompany.com". If it's a security feature, then fine - I can live with that.
Does this all sound correct - or is there a workaround?
To add a little more information, I've tried adding the "www.mycompany.com" to trusted sites on the browser, this did not correct the problem and disabling "Protected Mode" in Internet Explorer also failed to correct the issue.
The issue seems to appear in IE, IE7 and IE8.
I've found you can be a little cheeky with Internet Explorer, by opening a new tab, navigating to "https://application.anothercompany.com" and logging in - then returning to the "http://www.mycompany.com" site you can then successfully login! Though closing down and restarting IE resets all this.
Thanks Stu