Loading http://themes.getbootstrap.com/products/application works fine, but https://themes.getbootstrap.com/products/application doesn't.
From the preview page:
<iframe class="iframe-preview js-iframe" src="//bootstrap-themes.github.io/application"></iframe>
With HTTPS, this tries to load https://bootstrap-themes.github.io/application.
$ curl -I "https://bootstrap-themes.github.io/application" HTTP/1.1 301 Moved Permanently Server: GitHub.com Content-Type: text/html Location: http://bootstrap-themes.github.io/application/ <snip>
Since "application" is a directory, github.io tries to redirect
/application/. But for whatever reason, the responding server hardcodes http:// in the
Location header, instead of matching the same protocol as the original request. I've tested this on Firefox and Chrome, and both refuse to load a page served over HTTP into an iframe embedded in a page served over HTTPS, due to the mixed content restriction.
Solution: change the
src of the iframe to
//bootstrap-themes.github.io/application/. This avoids the bad redirect.