This will not work, because Google sends X-Frame-Options: SAMEORIGIN:
<iframe src="https://www.google.com/"></iframe>
Here is a way around that:
<iframe src="https://www.google.com/webhp?igu=1"></iframe>
This, however, does not work:
<iframe src="https://fonts.google.com/webhp?igu=1" ></iframe>
Why?
The page at https://fonts.google.com/webhp?igu=1 sends both X-Frame-Options and CSP:frame-ancestors which both prohibit displaying it in an iframe. The path or parameter of /webhp?igu=1 likely disbles the framing prevention.
Related
i have a problem in adding iframe in my website EAADHAR, i want to add this website eaadhaar.uidai.gov.in in iframe of my site but when i add this iframe on my site it could not show anything its show blank page, if i add uidai.gov.in in iframe then its my website shows correctly this website in iframe, so at that time what can i do to add eaadhaar.uidai.gov.in to my site in iframe please solve my problem
working code
<html>
<body>
<iframe src="https://uidai.gov.in" width="600" height="400" >
</iframe>
</body>
</html>
Not working Code
<html>
<body>
<iframe src="https://eaadhaar.uidai.gov.in" width="600" height="400" >
</iframe>
</body>
</html>
Ok I got your problem. All you need to do is add the protocol it follows to make sure that doesn't mess-up with a multi-level subdomain.
Try the following code:
<html>
<body>
<iframe src="https://eaadhaar.uidai.gov.in" width="600" height="400"></iframe>
</body>
</html>
If something is not working, let me know.
UPDATE
The server sets the X-Frame-Options header to explicitly stop you
embedding the site in a frame. There is nothing you can do about this
- if the server sets that header your browser will not display the content.
The only thing I can think of is to proxy an AJAX request for the url, then look at the headers, and if it doesn't have X-Frame-Options, then show it in the iframe.
The second, non-working URL is sending a header indicating it should not be iframed.
$ curl -I https://eaadhaar.uidai.gov.in
> HTTP/1.1 200 OK
> Date: Sat, 30 Apr 2016 18:06:54 GMT
> Server: Apache-Coyote/1.1
> X-Frame-Options: SAMEORIGIN
> ...
That X-Frame-Options value tells your browser to only allow websites on the same domain name to iframe it. Any other site is forbidden from doing so.
Using SOAP call I am getting a URL and displaying in iframe.That URL contents one form, User need to fill all data and submit it. While I am invoking SOAP function, has given one return link also which one redirecting to my site.But problem is while returning that page is coming inside the iframe. My requirement is pretty clear that it should redirect to given path not inside iframe.
I do appreciate for advance help.
Here is the code for Iframe
<iframe style="width:955px;height:700px;margin: 0px auto;" src="<?php echo $response_data['Url']?>" frameborder="0" webkitAllowFullScreen mozallowfullscreen allowFullScreen id="js-signFrame">
</iframe>
If you have control over both the host website and the iframe content you can use easyXDM to transfer messages between the iframe and the site (of course you can use HTML5 socket but easyXDM have a great fallback mechanism which supports older browsers as well).
You can use the message logic to alter window.location of the parent window.
Here is a POC I made to show how to transfer data between different domains without getting caught by browser's same-origin-policy, you can use it as reference.
link:
https://github.com/eitankw/cross-domain
Really cannot understand why yahoo iframe works but the google one does not:
<!DOCTYPE html><html><body>
<iframe frameborder="0" src="http://www.yahoo.com"></iframe>
<iframe frameborder="0" src="http://www.google.com"></iframe>
</body></html>
any ideas?
From http://msdn.microsoft.com/en-us/library/cc288472(v=vs.85).aspx#search
Clickjacking Defense: Some hackers try to trick users into clicking buttons that appear to perform safe or harmless functions, but instead perform unrelated tasks. Clickjackers embed malicious code or "redress" the user interface by using transparent frames that overlay specific UI elements with misleading text and images. To help prevent clickjacking, Web site owners can send an HTTP response header named X-Frame-Options with HTML pages to restrict how the page may be framed.
X-Frame-Options: Deny
If the X-Frame-Options value contains the token Deny, Internet Explorer 8 prevents the page from rendering if it is contained within a frame. If the value contains the token SameOrigin, Internet Explorer will not render the page if the top level-browsing-context differs from the origin of the page containing the directive. Blocked pages are replaced with a "This content cannot be displayed in a frame" error page.
Using IE8, I get the following message in the Google iframe
This content cannot be displayed in a frame
To help protect the security of information you enter into this website, the publisher of this content does not allow it to be displayed in a frame.
Looks like Google uses some code to prevent it's content from being displayed in an iframe
EDIT:
I found a decent explanation here: http://forums.asp.net/p/1733782/4654025.aspx/1?I+am+gettignthe+following+error+in+asp+net+with+facebook+app+early+it+is+working+fine+Once+i+click+on+Open+this+content+in+a+new+window+
I have also same error.
I just included inside tag and its works for me fine.
i tested it in chrome, firefox and opera
<div style="height:820px; width:100%" >
<div style="background-color:Green; height:50px; width:100%"> </div>
<iframe id="content" style="height:820px; width:100%; overflow:auto;" src="http://www.google.com" ></iframe>
</div>
You can show google in iframe using the below link by passing igu=1
https://www.google.com/webhp?igu=1
HTML Code:
<html>
<body>
<iframe src="https://www.google.com/webhp?igu=1" height="750" width="850"></iframe>
</body>
</html>
Can any one tell me how I can add my own CSS in an external site page through an iframe. So what code should I change here:
<iframe src="http://dhost.info/asz/demo.html" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" height="232px" width="514px" id="Dir-go" allowtransparency="true" title="WebDir"></iframe>
You can't. Nor can you add a stylesheet to it though Javascript. You can't edit the DOM of another domain's Iframe. (Very secure and all.)
External domains Iframes you cannot do anything but, internal iframes (using own domain) you can do this by using DOM javascript.
I want to play a URL in an iframe. When I place any other URL in the following line, it works fine, but when I enter the YouTube URL I get a blank page. Can anyone tell me where I am going wrong, or suggest any other method by which I can play the YouTube URL in an iframe?
<iframe width="100%"
height="610px"
frameborder=0
marginwidth="0"
marginheight="0"
scrolling="yes"
name="frmTest"
src="http://www.youtube.com/watch?v=dG5irzonTXA">
</iframe>
Your code will open a normal YouTube page. If I'm correct you want to have an iframe with video in it.
Try this: https://developers.google.com/youtube/youtube_player_demo
There's lot's of documentation there too.