You can try the following:
- Remove the HTTP or HTTPS wtihin the Embed Widget this way it will display if you are logged in or not. This does not work for all embed codes. You still may be only able to view it publicly vs internally depending on the ebbed link used.
- Create a Landing Page, Place the Embed Content onto the Landing Page, Publish the Landing Page and then navigate to the front end URL of that Landing Page to see the Embed (or publish the page the Embed Code is on)
- Click the Shield Icon to allow mixed Security while "Viewing Page" in onMessage.
This has no bearing on users accessing the Public URL, they will always see the embed content. The issue is within onMessage because its HTTPS and the Embed code is HTTP having mixed Security on the Page does not display unless you enable it via the shield Icon.