i have a problem in adding iframe in my website EAADHAR, i want to add this website eaadhaar.uidai.gov.in in iframe of my site but when i add this iframe on my site it could not show anything its show blank page, if i add uidai.gov.in in iframe then its my website shows correctly this website in iframe, so at that time what can i do to add eaadhaar.uidai.gov.in to my site in iframe please solve my problem
working code
<html>
<body>
<iframe src="https://uidai.gov.in" width="600" height="400" >
</iframe>
</body>
</html>
Not working Code
<html>
<body>
<iframe src="https://eaadhaar.uidai.gov.in" width="600" height="400" >
</iframe>
</body>
</html>
Ok I got your problem. All you need to do is add the protocol it follows to make sure that doesn't mess-up with a multi-level subdomain.
Try the following code:
<html>
<body>
<iframe src="https://eaadhaar.uidai.gov.in" width="600" height="400"></iframe>
</body>
</html>
If something is not working, let me know.
UPDATE
The server sets the X-Frame-Options header to explicitly stop you
embedding the site in a frame. There is nothing you can do about this
- if the server sets that header your browser will not display the content.
The only thing I can think of is to proxy an AJAX request for the url, then look at the headers, and if it doesn't have X-Frame-Options, then show it in the iframe.
The second, non-working URL is sending a header indicating it should not be iframed.
$ curl -I https://eaadhaar.uidai.gov.in
> HTTP/1.1 200 OK
> Date: Sat, 30 Apr 2016 18:06:54 GMT
> Server: Apache-Coyote/1.1
> X-Frame-Options: SAMEORIGIN
> ...
That X-Frame-Options value tells your browser to only allow websites on the same domain name to iframe it. Any other site is forbidden from doing so.
Related
This will not work, because Google sends X-Frame-Options: SAMEORIGIN:
<iframe src="https://www.google.com/"></iframe>
Here is a way around that:
<iframe src="https://www.google.com/webhp?igu=1"></iframe>
This, however, does not work:
<iframe src="https://fonts.google.com/webhp?igu=1" ></iframe>
Why?
The page at https://fonts.google.com/webhp?igu=1 sends both X-Frame-Options and CSP:frame-ancestors which both prohibit displaying it in an iframe. The path or parameter of /webhp?igu=1 likely disbles the framing prevention.
I am using Firebase Dynamic Links REST API to generate short links.
If I paste that link into the browser it redirects and loads the appropriate image. But when I use the same link to load image in <img> tag in my webpage it fails.
I created a sample(codesandbox link below) trying to load the same image. I put two image tags, one with bit.ly shortener and one generated with the firebase dynamic links generator. The bit.ly link loads fine.
Sample codesandbox : https://codesandbox.io/s/using-img-tag-forked-ufnd31?file=/index.html
Sample short link for a image : https://files.flux.chat/vs4fy3cY7s1aMnS57
Create dynamic link payload
URL : https://firebasedynamiclinks.googleapis.com/v1/shortLinks?key=WEB_API_KEY
BODY : {
"dynamicLinkInfo": {
"domainUriPrefix": "https://files.flux.chat",
"link": "https://firebasestorage.googleapis.com/v0/b/fluxchathq.appspot.com/o/business%2F5Nmu0449tlNVWVdOpo8h%2Fincoming%2FNA?generation=1654498929454543&alt=media&token=664c135f-48f3-4de8-8ba7-d75ca3a5362f",
"navigationInfo": {
"enableForcedRedirect": true
}
},
"suffix": {
"option": "UNGUESSABLE"
}
}
HTML code
<!DOCTYPE html>
<html>
<head>
<title>Parcel Sandbox</title>
<meta charset="UTF-8" />
</head>
<body>
<div>
<img class="image" src="https://files.flux.chat/vs4fy3cY7s1aMnS57" />
<img class="image" src="https://bitly/3Lr8Bq1" />
</div>
</body>
</html>
I don't have any experience with this, but I think shortened urls won't work as an image source-- they don't point to an image directly, they redirect to an image.
Here's an old answer that seems relevant: https://stackoverflow.com/a/27062627/954986
That is not possible unless you own the domain where you want the shortened URL. For example, to do that, you would need to own (or have access to) the website bit.ly.
bit.ly is not hosting your video or your image, it only redirects them to the real URL when you click on the link.
[...]
You will see that your image is NOT in the code. It only redirects to the page that DOES contain your image.
Perhaps you could make an XHR request in javascript, and see if it returns a 3** status with some other location, and use that as the source for the image? (edit: the short link doesn't have CORS enabled, so this probably won't work)
I just tested with curl (well, httpie which is far superior), and the sample shortlink you provided gives a 302, with the Location response header being the actual image.
edit: I tested your sandbox, and the flux.chat image source shows a GET request resulting in a 403 Forbidden status code in the browser console. Maybe it's because it's being called from localhost? But firebase sees something about the request it doesn't like (maybe origin being localhost, maybe it being in an image source, maybe ..?) and that's preventing it from loading.
Sorry I don't have anything more concrete for you, definitely a strange issue.
I am facing this weird issue when working with iframes.
I have a page(jsp) based on spring portlet framework which I want to render in an iframe. I made a dummy iframe and it was working perfectly fine in both IE(iE11) and Chrome when i was testing with my local server. However once the code got deployed to the dev server, the iframe renders the first page in IE, but does not render the next page on click of a button on that page. It is still working perfectly fine in chrome. I have no idea as to why that is happening.
Here is the code for my dummy iframe :
<html>
<head>
<title>IFRAME DEMO</title>
</head>
<body>
Forgot Username
Forgot Password
<iframe src="" width="82%" height="800" name="sampleFrame">
<p>Your browser does not support iframes.</p>
</iframe>
</body>
</html>
After reading some oldthreads, I figured out that I need to add the domain to the trusted site of IE and that solution worked. However this iframe will be exposed to the end user and I cannot expect every user to change this setting. Can we enforce it at server level somehow ?
Quick help .. i have a website which is not designed for IE hence i have written php code to read the http ua string to check if it "msie" string exists and redirecting to another page which shows the appropriate message. The trouble with this approach is that when i click the link from MS powepoint 2007 the page redirects to another page though my default browser is Chrome..
I figured that UA is getting set as "mozilla/4.0 (compatible; msie 7.0;" when i click the hyperlink from powerpoint. Is there any other field which can be used to judge that the request is coming from Powerpoint
36 minutes ago ยท Like
A really annoying bug in PowerPoint. A possible workaround is creating an empty page that contains a meta redirect to the URL you want to redirect to. Just dynamically replace the url you want to redirect to each time you go to this redirect page:
<!DOCTYPE html>
<html>
<head>
<title>Redirecting...</title>
<meta http-equiv="refresh" content="0; URL=**MYREDIRECTURL**" />
</head>
<body>
<div>
Redirecting...
</div>
</body>
</html>
Really cannot understand why yahoo iframe works but the google one does not:
<!DOCTYPE html><html><body>
<iframe frameborder="0" src="http://www.yahoo.com"></iframe>
<iframe frameborder="0" src="http://www.google.com"></iframe>
</body></html>
any ideas?
From http://msdn.microsoft.com/en-us/library/cc288472(v=vs.85).aspx#search
Clickjacking Defense: Some hackers try to trick users into clicking buttons that appear to perform safe or harmless functions, but instead perform unrelated tasks. Clickjackers embed malicious code or "redress" the user interface by using transparent frames that overlay specific UI elements with misleading text and images. To help prevent clickjacking, Web site owners can send an HTTP response header named X-Frame-Options with HTML pages to restrict how the page may be framed.
X-Frame-Options: Deny
If the X-Frame-Options value contains the token Deny, Internet Explorer 8 prevents the page from rendering if it is contained within a frame. If the value contains the token SameOrigin, Internet Explorer will not render the page if the top level-browsing-context differs from the origin of the page containing the directive. Blocked pages are replaced with a "This content cannot be displayed in a frame" error page.
Using IE8, I get the following message in the Google iframe
This content cannot be displayed in a frame
To help protect the security of information you enter into this website, the publisher of this content does not allow it to be displayed in a frame.
Looks like Google uses some code to prevent it's content from being displayed in an iframe
EDIT:
I found a decent explanation here: http://forums.asp.net/p/1733782/4654025.aspx/1?I+am+gettignthe+following+error+in+asp+net+with+facebook+app+early+it+is+working+fine+Once+i+click+on+Open+this+content+in+a+new+window+
I have also same error.
I just included inside tag and its works for me fine.
i tested it in chrome, firefox and opera
<div style="height:820px; width:100%" >
<div style="background-color:Green; height:50px; width:100%"> </div>
<iframe id="content" style="height:820px; width:100%; overflow:auto;" src="http://www.google.com" ></iframe>
</div>
You can show google in iframe using the below link by passing igu=1
https://www.google.com/webhp?igu=1
HTML Code:
<html>
<body>
<iframe src="https://www.google.com/webhp?igu=1" height="750" width="850"></iframe>
</body>
</html>