I am trying to insert pdf into blogger using iframe.But I am getting blank page
Any idea How to fix it. I was getting blank page with chrome and firefox. I was getting error "This publisher does not allow to publish" in internet explorer
> <iframe width="100%" frameborder="0"
> src="https://drive.google.com/file/d/0B15mEFBok9BVUExXV2lRTDNsYjQ/view?usp=sharing"></iframe>
It seems like Google Drive has the HTTP header X-Frame-Options set to SAMEORIGIN. That means that it can only be embedded within the same domain (drive.google.com). You can read more about it here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
You should be able to see the error by opening your browser's console:
Refused to display 'https://drive.google.com/file/u/2/d/0B15mEFBok9BVUExXV2lRTDNsYjQ/view?usp=sharing' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.`
My recommendation is to host it somewhere else (e.g. Amazon S3), where you have control over the HTTP headers.
Related
I'm trying to connect to play.google.com in my website iframe and I'm receiving this error:
Refused to frame 'https://play.google.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors https://play.google.com".
Am I missing some thing??
Here is the code:
Here is the error:
Can I do something so that I can work?
The code reference which I took from google is here.
I was trying to render the iframe after using Android Management API. What I was expecting is when I open the url directly in new tab then it's working but when I try to open in iframe it's not working. It should work in iframe!
This problem can occur when you render the Managed Configurations iframe over an ‘http’ (unsecure) connection. I suggest you embed your iframe with an ‘https’ (secure) connection to prevent cross-site scripting attacks. I tested this locally, and swapping to ‘https’ resolved the issue in my tests.
I have a MS-WOPI client in Sharepoint that correctly accepts URL requests to open Word documents like:
https://myCompany.sharepoint.com/:w:/r/teams/Test-EZ-CO-LON/Test-CO-L1227/_layouts/15/WopiFrame.aspx?sourcedoc=%7BCDE12345-ABC1-4A5F-9097-008E876E4E66%7D&action=interactivepreview
That works fairly good either by opening the URL directly in a browser, or setting it as the source in an iframe like this:
<iframe _ngcontent-ryg-c10="" frameborder="0" height="750" width="100%" src="https://myCompany.sharepoint.com/:w:/r/teams/Test-EZ-CO-LON/Test-CO-L1227/_layouts/15/WopiFrame.aspx?sourcedoc=%7BCDE12345-ABC1-4A5F-9097-008E876E4E66%7D&action=interactivepreview"></iframe>
So, that URL works perfectly fine for both direct opening and using it in an iframe.
The problem is, that if change the WOPI action value from "interactivepreview" to an edition action value like "edit", for example, like this:
https://myCompany.sharepoint.com/:w:/r/teams/Test-EZ-CO-LON/Test-CO-L1227/_layouts/15/WopiFrame.aspx?sourcedoc=%7BCDE12345-ABC1-4A5F-9097-008E876E4E66%7D&action=edit
the URL can still be opened correctly when opened directly in the Web browser, but if this new URL is used in an iframe like this:
<iframe _ngcontent-ryg-c10="" frameborder="0" height="750" width="100%" src="https://myCompany.sharepoint.com/:w:/r/teams/Test-EZ-CO-LON/Test-CO-L1227/_layouts/15/WopiFrame.aspx?sourcedoc=%7BCDE12345-ABC1-4A5F-9097-008E876E4E66%7D&action=edit"></iframe>
Then Sharepoint refuses to frame, sending this content security policy error message:
Refused to frame 'https://myCompany.sharepoint.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com *.powerapps.com *.yammer.com *.officeapps.live.com *.office.com *.stream.azure-test.net *.microsoftstream.com".
So, in summary:
For non-editable WOPI actions (e.g. "interactivepreview") the URL works well for all scenarios (both within an iframe and non-iframe).
For editable WOPI actions (e.g. "edit"), the URL works well only if consumed directly (non-iframe).
For editable WOPI actions, the URL does not work when used in an iframe because the aforementioned error.
Is this a WOPI misconfiguration, a Sharepoint misconfiguration, a client (browser) request misconfiguration, or something else?
I'm trying to display a iFrame with Looker SSO, I used looker_sso_tool to generate the Embed URL, and it shows the dashboard I want, however when I try to use the url with a localhost application it shows the error:
Refused to display 'https://xerpabr.looker.com/login' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
I also notice the requested URL from this tool has a Location Response of:
https://xerpabr.looker.com/embed/dashboards/2
While in localhost it is:
https://xerpabr.looker.com/login
I'm using the node_example of sso embed, just changing the return to display the iFrame, like so:
res.end("<iframe height=400 width=600 src=" + url + "> </iframe> ");
How can I solve that?
Could you try generating a URL from the tester tool (with preview turned off) and serving that exact URL from localhost? I suspect the problem may be with something in your script, even though you said you didn't change much.
That error is often a bit of a red herring that means your URL isn't authenticating properly— Looker sets x-frame-option headers on the login page that prevent it from being embedded, so if the generated URL doesn't work to log you in and instead redirects to /login, the error can appear. If you take a generated URL from your script and pass it through the Admin > Embed url verification tool, do you get any hints?
You could also try asking over on discourse.looker.com where there's a wealth of Looker experts!
I recently moved to HTTPS. I am currently have a local time displayed on the site using the following code:
<iframe class="current-time" src="http://free.timeanddate.com/clock/i35r7kr2/n47/tlau/fs12/fcfff/tct/pct/ahl/th2/ts1" frameborder="0" width="54" height="14" allowTransparency="true"></iframe>
However now we are on HTTPS it does not show because its loaded from a http:// site so browsers don't display it.
Can someone advise a method of display our local time as http://free.timeanddate.com does not have an SSL certificate
ADDITON INFORMATION AS REQUESTED:
When we load the site that is now secure the place where the time was once displayed is blank and the browser indicates that some insecure content has been blocked. See https://www.reeffree.com.au/ to see a secure site - the missing part is under "Call Us Mon-Fri 7am-9pm & Sat-Sun 8.30am-7pm Brisbane, Australia (AEST). At ReefFree it's currently " that can be found on the right top of the page below the slider.
To see what it looked like before see the following link: http://www.extremefree.com.au/
Using this website you can see that it is the date and time script that is stated above that is causing the issue - I need to replace it with one with HTTPS: https://www.whynopadlock.com
The free service you're using supports HTTPS. Simply go back to http://www.timeanddate.com/clocks/free.html and when you get to the "Get HTML" step, choose "Secure Web Page" This will generate an <iframe src="https://... Note the URL is https instead of http
I am developing an application for a social network. When I try to access it I get an error in my browser:
Refused to display document because display forbidden by X-Frame-Options.
This social network uses Iframe. My question is, how do I change the header to solve this problem?
Considering Overcoming "Display forbidden by X-Frame-Options", in my servlet I tried command:
httpServletResponse.addHeader("X-FRAME-OPTIONS", "SAMEORIGIN" );
Considering http://www.rivercitystudio.com/blog/2011/09/google-maps-embedding-x-frame-options-change/ I've also tried adding in my url the following:
&output=embed
None of the two alternatives worked.
If it's your page that is in the frame, then don't send X-Frame-Options at all. The default is to allow embedding.
If it's social network's page that is in the frame, then there's no way to disable it. The whole point of this is prevention of clickjacking via frames.