I'm loading content in an iFrame that's from another domain. Sometimes that content contains links that I want to replace with other links or block altogether. From this I understand I can not change any of the content via JavaScript.
However - I was thinking of loading the contents of the iFrame via a proxy. So instead of loading www.example.com/page.html I would load www.myproxydomain.com/page.html and in the proxy I would then load from example.com and replace the page content.
Is that even technically possible?
Related
I want to create an html page and use it in the src attribute of the amp-iframe tag.
The amp-iframe tag then (as i understood from some examples) creates the iframe and loads the html page.
In drupal though, i can not find a way to use this html page in a twig template.
Is there a way to find a path inside drupal for this html page and use this path in the src?
I know drupal works with templates and twig files but in the amp examples everyone uses html.
Problem could be that you're trying to add amp-iframe content that's on the same origin as your page domain. That's forbidden for security reasons (mostly to do with the way the same-origin policy uses synthetic origins inside iframes).
The fix is to make sure that external JS is served from a different origin to your AMP. So if your AMPs are on example.com then you should serve the iframed JS from SOMEOTHERORIGIN.example.com
Share your code for better under standing of your issue.
Also refer - https://github.com/ampproject/amphtml/blob/master/spec/amp-iframe-origin-policy.md
I have a service that is loaded through an iframe on exampledomain.org. Ideally, I only want this service to be loaded under exampledomain.org. This I can ensure with X-Frame Options. However I also don't want it be accessible by simply pasting the url into the browser. Is there a way to prevent anything except an iframe from loading content?
This will make it only loosely enforced, but you can put a bit of JS on the framed page to take you back to the page you intended them to be on. One check you could try is to see if window.parent is the same as window.
if (window.parent === window) {
location = "https://exampledomain.org/";
}
I want to apply css to google calender iframe. I had tried with Jquery but it gives JavaScript security error. However I also tried this link
Got success but many of its links goes to 404 page as it takes my domain as base URL
You will face a security error when you apply css using javascript to an iframe that contains a page in a different domain. but this problem has a workaround by using document.domain if both documents are on the same top level domain, are using the same protocol & you can add the following line of JavaScript to the page in the iframe:
document.domain = "example.com";
the page containing the iframe needs the same line to make the domains match. Once this is in place, the script running on your main page is allowed to access properties of the document in the iframe element –
You cannot apply css to a iFrame ...
An iframe is a 'hole' in your page that displays another web page
inside of it. The contents of the iframe is not in any shape or form
part of your parent page.
From here
The reason behind that is security. If you have blabla.com in one
window and gmail.com in another one, then you’d not want a script from
blabla.com to access or modify your mail or run actions in context of
gmail on your behalf.
From here
If the iFrame is on the same domain and it doesnt violate the "Same-origin policy", you can work around this situation like this:
$('iframe').load( function() {
$('iframe').contents().find("head")
.append($("<style type='text/css'> .my-class{display:none;} </style>"));
});
Solution posted here
Anyway, if you are not violating the "Same-orgin policy", you probably don't want to use an iFrame.
I've created a project with the moovweb sdk and have trouble editing the content within an iframe on one of the pages. For instance, moving a div around inside the iframe doesn't seem to work with the tritium I'm writing. What can I do with tritium to make this work? The domains are different FYI.
Unfortunately, Tritium only allows you to edit the attributes of the iframe itself, not the content within.
This is because the request for content in the iframe is made after the browser constructs the DOM of the main page. Tritium can only intercept the first request for the main page, not the second request for content from a different domain.
I know of two workarounds:
Add the second website as a Moovweb project and you will be able to use Tritium to manipulate the content. Then you can point the iframe of the original page to this new content.
Use JavaScript/AJAX to modify the iframe's content.
However there are implications for production domains... I'm afraid I may have rushed this answer and will update it after I do more research.
If the iframe is on the same origin (http://m.yoursite.com) or on an origin you have in your config.json you can absolutely use tritium! However, maybe not in the way you expect!
So, the iFrame is going to make a separate request to the src attribute's location. If you ensure this request is going through the SDK (by rewriting it) like so:
$(".//iframe[#src]") {
attribute("src") {
rewrite("link")
}
}
Then you can map that url and perform your regular tritium on it!
you need to analyses the src of iframe and need to write mapping in mappings.ts for the url in src. Include proper .ts file in pages folder and start transforming it.
I have an htm file with an iframe and a menu structure. The menu can load an htm file in the iframe or an aspx file. No problem at all.
But... Now they want the iframe to get the size of its content. (So there will be no scrollbar in the iframe, but you have to scroll the whole htm file.)
I didn't get this to work so I thought I would use a div for this issue. But I can't get the aspx file to load in a div.
So I'm stuck. Either I have to find a way to let my iframe grow or I have to find a way to load an aspx file in a div.
Placing the remote content directly in a div will be the easiest here, otherwise you will have to try and automatically size the iframe after the page loads, and it might even change height after that too.
To load HTML content from a remote source into a div you will need to look at the XML HTTP Objects exposed to the browser via javascript.
It sounds like you are not familiar with the concept so I would advise using a Javascript library like jQuery to help you along.