Redirect issue in Iframe - iframe

Using SOAP call I am getting a URL and displaying in iframe.That URL contents one form, User need to fill all data and submit it. While I am invoking SOAP function, has given one return link also which one redirecting to my site.But problem is while returning that page is coming inside the iframe. My requirement is pretty clear that it should redirect to given path not inside iframe.
I do appreciate for advance help.
Here is the code for Iframe
<iframe style="width:955px;height:700px;margin: 0px auto;" src="<?php echo $response_data['Url']?>" frameborder="0" webkitAllowFullScreen mozallowfullscreen allowFullScreen id="js-signFrame">
</iframe>

If you have control over both the host website and the iframe content you can use easyXDM to transfer messages between the iframe and the site (of course you can use HTML5 socket but easyXDM have a great fallback mechanism which supports older browsers as well).
You can use the message logic to alter window.location of the parent window.
Here is a POC I made to show how to transfer data between different domains without getting caught by browser's same-origin-policy, you can use it as reference.
link:
https://github.com/eitankw/cross-domain

Related

Iframe content blocked

I have a page where I have an iframe using the following code.
<iframe name="SL" src="https://sl.se/sv/" width="100%" height="870px"></iframe>
It has been working without any problems, but yesterday it became a blank page in the iframe. I haven't updated anything in the page so it must be something in the iframe src that is blocking for some reason. Is there another way to get this page to show inside like an iframe, but with some other code?
If you see the console of your browser, it says:
Refused to display 'https://sl.se/sv/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
which means that they have disallowed loading of the resource in an iframe outside of their domain. For more information take a look at this.

Can not display external page in <iframe>, not an X_FRAME issue

I have an iframe - the iframe works when the src points to a page on the same server, allowing me to embed pages.
The same iframe will not allow me to embed pages from another server. I have tried different src= pages and different browsers on Windows, OSX and Linux. I have tried hard-coding the src attribute and setting it programatically.
I haven't worked w html for years and know click-jacking has caused some hosts to disallow their content but am confident this is not the issue.
<iframe src='myPage.html' name='i' id='i'></iframe>
works as expected
<iframe src='http://theirServer/theirPage.html' name='i' id='i'>
</frame>
does not work as expected
Not all sites allow you to embed them via iframe (such as google). if using Chrome, check your console. If you have an error like "Refused to display 'https://www.google.com/' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'." then the site does not allow you to embed it.
Basically if the site uses the header X-Frame-Options, and has it set to SAMEORIGIN, there's nothing you can do.

How to apply css to google calender iframe...?

I want to apply css to google calender iframe. I had tried with Jquery but it gives JavaScript security error. However I also tried this link
Got success but many of its links goes to 404 page as it takes my domain as base URL
You will face a security error when you apply css using javascript to an iframe that contains a page in a different domain. but this problem has a workaround by using document.domain if both documents are on the same top level domain, are using the same protocol & you can add the following line of JavaScript to the page in the iframe:
document.domain = "example.com";
the page containing the iframe needs the same line to make the domains match. Once this is in place, the script running on your main page is allowed to access properties of the document in the iframe element –
You cannot apply css to a iFrame ...
An iframe is a 'hole' in your page that displays another web page
inside of it. The contents of the iframe is not in any shape or form
part of your parent page.
From here
The reason behind that is security. If you have blabla.com in one
window and gmail.com in another one, then you’d not want a script from
blabla.com to access or modify your mail or run actions in context of
gmail on your behalf.
From here
If the iFrame is on the same domain and it doesnt violate the "Same-origin policy", you can work around this situation like this:
$('iframe').load( function() {
$('iframe').contents().find("head")
.append($("<style type='text/css'> .my-class{display:none;} </style>"));
});
Solution posted here
Anyway, if you are not violating the "Same-orgin policy", you probably don't want to use an iFrame.

ASPX Handler for emitting Azure blob content

I generate HTML content and store on a blob which I then need to display in an IFrame. This HTML has been static HTML but now my pages use a bit of JavaScript generated by a 3rd party (it only acts on the page itself). With IE this JavaScript is blocked in the IFrame (it’s not a problem in Chrome) - thus I need to find a solution so the content in the IFrame is not blocked.
One approach I am consider is to serve this up with a CustomHandler. Thus, my handler can handle request that starts with “/blob” and then download the content (HTML pages or images) from the blob and server it up so it appears to the browser that it was from the same server. Is this a good approach to take here?
If yes, then should ProcessRequest simply download the (HTML or image) and save it to the context.Response.OutputStream (with the ContentType set accordingly). What is the best way to get the data from the blob and serve it up?
Don't use an iframe for your own content. If you want a scrollable area, do it with CSS:
.containerContentScroll { overflow: auto; height: 500px; scrollbar-base-color: #963; }
Also, all Azure blob content can be referenced by URL, you could just do:
<iframe src="http://myblob.blob.core.windows.net/.../image.png />
Finally, if you need the iFrame and cross-domain scripting see this SO post for how to enable it in MVC and this article on the XDomainRequest object.
UPDATE - just found Cross Origin Resource Sharing (CORS) via Access-Control-Allow-Origin header is a planned feature for Azure Storage - VOTE here.

google homepage will not load in an iframe

Really cannot understand why yahoo iframe works but the google one does not:
<!DOCTYPE html><html><body>
<iframe frameborder="0" src="http://www.yahoo.com"></iframe>
<iframe frameborder="0" src="http://www.google.com"></iframe>
</body></html>
any ideas?
From http://msdn.microsoft.com/en-us/library/cc288472(v=vs.85).aspx#search
Clickjacking Defense: Some hackers try to trick users into clicking buttons that appear to perform safe or harmless functions, but instead perform unrelated tasks. Clickjackers embed malicious code or "redress" the user interface by using transparent frames that overlay specific UI elements with misleading text and images. To help prevent clickjacking, Web site owners can send an HTTP response header named X-Frame-Options with HTML pages to restrict how the page may be framed.
X-Frame-Options: Deny
If the X-Frame-Options value contains the token Deny, Internet Explorer 8 prevents the page from rendering if it is contained within a frame. If the value contains the token SameOrigin, Internet Explorer will not render the page if the top level-browsing-context differs from the origin of the page containing the directive. Blocked pages are replaced with a "This content cannot be displayed in a frame" error page.
Using IE8, I get the following message in the Google iframe
This content cannot be displayed in a frame
To help protect the security of information you enter into this website, the publisher of this content does not allow it to be displayed in a frame.
Looks like Google uses some code to prevent it's content from being displayed in an iframe
EDIT:
I found a decent explanation here: http://forums.asp.net/p/1733782/4654025.aspx/1?I+am+gettignthe+following+error+in+asp+net+with+facebook+app+early+it+is+working+fine+Once+i+click+on+Open+this+content+in+a+new+window+
I have also same error.
I just included inside tag and its works for me fine.
i tested it in chrome, firefox and opera
<div style="height:820px; width:100%" >
<div style="background-color:Green; height:50px; width:100%"> </div>
<iframe id="content" style="height:820px; width:100%; overflow:auto;" src="http://www.google.com" ></iframe>
</div>
You can show google in iframe using the below link by passing igu=1
https://www.google.com/webhp?igu=1
HTML Code:
<html>
<body>
<iframe src="https://www.google.com/webhp?igu=1" height="750" width="850"></iframe>
</body>
</html>

Resources