is there any issue in communicating with a secure child window and a parent page which is not secure?

与安全的子窗口和不安全的父页面进行通信是否有任何问题？

Yes. HTTP and HTTPS make for separate script origins. (If they were not separate origins then an unprotected page could script into an HTTPS page and change all its content, defeating the purpose of HTTPS.)

是的。HTTP 和 HTTPS 用于单独的脚本来源。（如果它们不是单独的源，则未受保护的页面可以将脚本写入 HTTPS 页面并更改其所有内容，从而违背 HTTPS 的目的。）

If so how can I solve this issue?

如果是这样，我该如何解决这个问题？

1. Same origin. Serve the parent page through HTTPS, and either put them on the same hostname or set document.domainto a shared parent domain on both documents.

2. Cross-origin messaging. window.postMessage; if you need to support older browsers(primarily IE<8) then there are horrible backwards compatibility hacks (like communicating through document.cookieor hash navigation).

3. Server interaction. One document sends the information to the server and the server shares it back with the other document (eg using XMLHttpRequest).

1. 相同的起源。通过 HTTPS 为父页面提供服务，并将它们放在相同的主机名上或document.domain在两个文档上设置为共享父域。

2. 跨域消息传递。window.postMessage; 如果您需要支持较旧的浏览器（主要是 IE<8），那么有可怕的向后兼容性黑客（例如通过通信document.cookie或哈希导航）。

3. 服务器交互。一个文档将信息发送到服务器，服务器将其与另一个文档共享回来（例如，使用 XMLHttpRequest）。