< class="prominent-subhead ">

Issues when using the Content and Location Services Controls

This article has been archived, and/or refers to legacy products, components or features. The content in this article is offered "as is" and will no longer be updated. Archived content is provided for reference purposes only. This content does not infer that the product, component or feature is supported, or that the product, component or feature will continue to function as described herein.

Issue - Content blocked in an iframe

Certain URLs do not display correctly and the browser console error displays. Sites often stop their content from being displayed in an iframe, such as in the content and location services controls. For more information see the article https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options


  • Use a different site for your solution that doesn't require iframes
  • Investigate if there is a supported way to host the site in question

For example, to use Google maps in a content control, you need to use a specific URL and include an API key. For more information see https://developers.google.com/maps/documentation/embed/guide

Issue - Mismatched protocols

The content control does not load because of an HTTPS protocol error. You cannot open HTTP sites from a HTTPS parent site, or vice-versa. For more information see http://javascript.info/tutorial/same-origin-security-policy


This is standard browser behavior and applies to any website with an iframe hosted on an SSL page. If you have a parent site that is HTTPS, the iframe URLs (in this case hosted in a content control) must also be HTTPS. 

  • Change the site URL in the content control to the matching protocol of the SmartForms site
  • Change the SmartForms site to use the protocol matching the host site

It is also possible to change the default behavior of Chrome to allow the insecure content:

  • Right click on your Chrome icon
  • Choose Properties
  • At the end of your target line add the command line flag:
    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --allow-running-insecure-content

See the following links for more detail: