asp.net page with iframe with youtube video sometimes requires refresh - iframe

I have an asp.net page with an iframe in it that shows a youtube video. I have buttons that use the youtube api to control the video. I'm finding that often the video doesn't show up, and I have to do a view-refresh to make it work. This problem is limited to Internet Explorer, I believe that Google chrome does not have the same problem.
I've been told not to use iframes at all by a tech support person at the server company that hosts my site. They say people are moving away from iframes, and that I should use other methods of embedding youtube videos.
I could certainly do that, but youtube recommends using iframes, because they are more flexible.
If I could make the 'refresh' problem predictable, I would submit it to Microsoft, but I can't figure out why it happens sometimes, but not other times.
I could also force a refresh.
My question is, does anyone have a clue why this bug is happening.
Thanks.

This happens a lot with IFRAME content. I believe it's to do with the way that Internet Explorer caches stuff, but to be perfectly honest, I'm not sure on the details.
What I can share is an old trick we used to use with dialog boxes.
Say your src attribute is "http://www.youtube.com/watch?v=1wL7RHoDnxs"
You can bang an extra parameter onto that GET string, like:-
"http://www.youtube.com/watch?v=1wL7RHoDnxs&doesntmatter=203933"
See the extra doesntmatter parameter there? The value is random, or based on a timestamp. Your choice. The trick is to give a different URL to IE each time. This'll stop it from trying to use a cache for your IFRAME content.

Related

Prevent iframe from opening in a new window

I have seen some answers about it but i have a same issue that is rather a little more complex.
I have a site about tourism build in wordpress localy and i have integrated in it some iframes from booking.com
The iframes are working good but when you click on the links inside it opens on a new window. All i want is to reload inside the iframe.
Also if some have worked with booking.com before i would like to ask...when you search from there search box and hit search is there a way not to open in a new window but instead in a new page inside the site?
In this case, due to cross-domain policy restrictions, you simply cannot control any of the booking.com iframe. That's by design, for security reasons. Unless you deal with a same-origin iframe (i.e. from the same domain name) there is nothing you can do here. You depend on booking.com's implementation entirely.
You may want to consider a plugin like http://wordpress.org/plugins/booking-search-hotel/ (found from a quick search) or see if other XML API solutions are available for more control.

fancybox makes multiple request on iframe

I'm using the fancybox v2.1.5 for a .net application.
I use the iframe for displaying an aspx-side. Works fine. But today I noticed, that the request to my aspx-page to be displayed in a fancybox was made 4 times. I tested it with another page - same issue.
Here is all what I do:
Change password
This is the easy side, but in another there are some DB-Calls an many lines of code, so it isn't really a good thing because of the performance.
I've only found one very old link: google groups
thx
©a-x-i

How does it appear that MDN can detect a request from an iframe on the Server Side and send no content?

Please Note: This question is not related directly to Server-side detection that a page is shown inside an IFrame, as I'm showing you an instance where it would appear that the guys at MDN (Mozilla Developer Network) are already detecting that content is being delivered to an iframe, although, if you read through this, I discuss the possibility that this isn't server-side related at all; it might be some sort of "rights" issue declared some how or in some way I don't know about. The point is to understand how something already existing works.
First of all, I do not desire to rip off MDN (Mozilla Developer Network) content as my own. I'm asking this because I'm truly puzzled by it. The guys at MDN seem to have pulled of a nice trick, and I'd like to know it, but maybe its simpler than I realized.
The code is only:
<iframe src="https://developer.mozilla.org/en-US/docs/HTML/HTML5"></iframe>
Take, for example, this fiddle:
http://jsfiddle.net/jfcox/D3UNZ/
Do you notice how there's no content in the iframe? There doesn't appear to be any content related to the request on the Chrome network tab.
I assure you, that'd work on a "normal" website, like example.org. see http://jsfiddle.net/jfcox/nPwcu/
So, I ask, what is it that they are doing to detect that a request is being made from an iframe?
Is there some Browser-Fu I don't know about? Oddly enough, that might be the case. From IE9.
To help protect the security of information you enter into this
website, the publisher of this content does not allow it to be
displayed in a frame.
Wow! Ok, so maybe it's not server-side, maybe it's all Browser-Fu. Even so, how does IE9 and these other browsers know what I don't know? What do I need to look up to learn about this?
I have my own suspicions, namely that there's some file at the root of the website like crossdomain.xml for flash that defines permissions about content usage or whatever, but I still wouldn't even know where to start if that's the case.
Turns out, it's a pretty simple copy protection. All you need to do is set a response header.
https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
https://datatracker.ietf.org/doc/html/draft-ietf-websec-x-frame-options-00
Yes, "frame", instead of "iframe".
:eyeroll:
I suppose the name makes sense, considering the possibility somebody could still attempt to use old HTML 4 frame tags for whatever purpose, and I would expect most browser/DOM engines have baked-in support of frame tags given HTML history. Netscape created/supported frames as early as version 2.0 and iframe was a later, purely-Microsoft invention that found wide adoption, IIRC.

Bust iFrames accurately when implementing DiggBar or FacebookBar?

Understanding all the security and UI concerns with iFrames, I am implementing a toolbar similar to the DiggBar or FacebookBar.
A top bar persists across the top 30 pixels of the screen, and an iFrame displaying external content fills up the remainder of the page.
When users close the toolbar, and thereby exit my little site to go directly to the third-party site, how can I bust the iFrame properly and display the right page? If the user clicks on even one link in the iFrame, I end up showing the wrong page.
Given my understanding of browser security, and coupled with how DiggBar and FacebookBar fail to do this accurately, I'm guessing it cannot be done.
But I was hoping the Stackoverflow coders are smarter and might have an answer? :)
Thanks!
You can't. Because of browser cross site-scripting security, your bar which sits in its own frame cannot access any other frames and determine their URLs.
Not to mention that'll you'll be sued by website owners for numerous things and that you'll piss off every hacker out there.
This is the last thing you want to do if you'd like to NOT in your our office as that one guy who wanted to include everyone elses web site in their website with the owners permission.
I wouldn't speak up at any of the conventions either.
I've also added the question: "Have you ever written code or worked on code that frames other sites?" to my list of questions to use to weed out job applicants.

Using ASP.Net, is there a programmatic way to take a screenshot of the browser content?

I have an ASP.Net application which as desired feature, users would like to be able to take a screenshot. While I know this can be simulated, it would be really great to have a way to take a URL (or the current rendered page), and turn it into an image which can be stored on the server.
Is this crazy? Is there a way to do it? If so, any references?
I can tell you right now that there is no way to do it from inside the browser, nor should there be. Imagine that your page embeds GMail in an iframe. You could then steal a screenshot of the person's GMail inbox!
This could be made safe by having the browser "black out" all iframes and embeds that would violate cross-domain restrictions.
You could certainly write an extension to do this, but be aware of the security considerations outlined above.
Update: You can use a canvas utility function to get a screenshot of a page on the same origin as your code. There's even a lib to allow you to do this: http://experiments.hertzen.com/jsfeedback/
You can find other possible answers here: Using HTML5/Canvas/JavaScript to take screenshots
Browsershots has an XML-RPC interface and available source code (in Python).
I used the free assembly UrlScreenshot.dll which you can download here.
Works nicely!
There is also WebSiteScreenShot but it's not free.
You could try a browser plugin like IE7 Pro for Internet Explorer which allows you to save a screenshot of the current site to a file on disk. I'm sure there is a comparable plugin for FireFox out there as well.
If you want to do something like you described. You need to call an external process that prints the IE output as described here.
Why don't you take another approach?
If you have the need that users can view the same content over again, then it sounds like that is a business requirement for your application, and so you should be building it into your application.
Structure the URL so that when the same user (assuming you have sessions and the application shows different things to different users) visits the same URL, they always see same thing. They can then bookmark the URL locally, or you can even have an application feature that saves it in a user profile.
Part of this would mean making "clean urls", eg, site.com/view/whatever-information-needed-here.
If you are doing time-based data, where it changes as it gets older, there are probably a couple possible approaches.
If your data is not changing on a regular basis, then you could make the "current" page always, eg, site.com/view/2008-10-20 (add hour/minute/second as appropriate).
If it is refreshing, and/or updating more regularly, have the "current" page as site.com/view .. but allow specifying the exact time afterwards. In this case, you'd have to have a "link to this page" type function, which would link to the permanent URL with the full date/time. Look to google maps for inspiration here-- if you scroll across a map, you can always click "link to here" and it will provide a link that includes the GPS coordinates, objects on the map, etc. In that case it's not a very friendly url but it does work quite well. :)

Resources