Hello all.
If I have a frame embedded into a html page. The page connects through http. My question is:
If my frame connects through https is the connection and everything still encrypted despite the fact that the container page connects through http?
UPDATE: Thank you everyone. So it is encrypted :)
Only the frame content, retrieved through the https connection, is encrypted.
If the encrypted frame content references (e.g. image links, other frames, etc) content it might still explicitly specify that that referenced content is not encrypted e.g. <img src="http://...."/>
Everything which is transfered through htts is encrypted. If your https page contains elements which are not encrypted (only http), the browser will warn you unless you have turned of the warning.
So yes, yozur frame will be loaded as https and will be encrypted if the content url is a https one.
If you want to be sure - install an http proxy and check the traffic through this proxy. You'll see html for your https requests and garbled messaged for https.
The iframe's connection and content will be encrypted, however, the user's browser will only show the "lock" icon if the containing page is https so making the iframe https and the containing page http is kind of pointless from that point of view.