I realized that IE8 does not allow links from cross domains to be displayed in IFrame.
It seems like there are only two Header options that Microsoft allows to modify.
X-FRAME-OPTIONS : "DENY" (This does not display any IFrame content )
X-FRAME-OPTIONS : "SAMEORIGIN" (Displays content from the same domain)
Is there a work around to allow content from other domains to be displayed?
Thanks in advance
Point your source to an internal, dynamic (server-generated) page that simply proxies the external web page. I.E. You hit src="myContent.asp", and you get www.google.com, or equivalent.
Related
I have a url (http://localhost:8080/doc1.html) opened in the browser. I have an iframe with url (http://localhost:8080/doc2.html) within the parent document.
The links and forms in the iframe are not enabled. I am unable to click on a link or post the form.
I thought I am not violating the cross-origin policy. The links and form should work.
i had set iframe_obj.style.pointerEvents = "none" as i was doing something on top of the iframe. Now i have set it to "auto" and is editable.
When I put this code into HTML file, it does not show the website.
<iframe src="https://runepedia.com/calculators/combat">
Can somebody help?
It doesn't work because the site set X-Frame-Options HTTP header to DENY.
This means that the browser cannot show the page in an iframe.
From MDN:
deny
The page cannot be displayed in a frame, regardless of the site attempting to do so.
When using 'Embed this post', if a user clicks on a link anywhere within the iFrame it destroys the html inside. You can replicate this issue by following these steps.
Click '...' at the top right of a post.
Go to 'Embed this post' and copy the iFrame code.
Paste the iFrame code somewhere you can test the HTML.
Click a link anywhere in the embedded post.
At this point you'll see the post disappear. The head and body HTML code is destroyed.
I duplicated the issue here.
<iframe src="https://www.linkedin.com/embed/feed/update/urn:li:share:6481527492011139072" height="777" width="504" frameborder="0" allowfullscreen=""></iframe>
Try clicking on the LinkedIn icon on the top left or the like/comment/share buttons.
I tried reaching out to LinkedIn support on their website but their team directed me here.
Refused to display 'https://www.linkedin.com/authwall?trk=gf&trkInfo=AQFSSEZsXsstdAAAAWi4pJ9YQaz5O2_6IRmktVz1kDhxt_uchm59um--vI7OCCG1Nkz-xFDMqtML8ee4C6Min8NUMPsH3DihIAb3hbhB1WUdxyaT2NxjuAgsaAq6GPKgXJra2gA=&originalReferer=https://www.linkedin.com/embed/feed/update/urn:li:share:6481527492011139072&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Faps-technology%3Ftrk%3Dpublic-post_share-update_actor-text' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'"
The content is prohibited from being displayed within an IFRAME due the Content Security Policy being set. The webserver hosting linkedin.com is configured to add a HTTP header to the response object. Specifically they are setting the Content-Security-Policy tag to frame-ancestors 'self'. There is no way you'll be able to embed their pages into a page of your own using IFRAME. There are other techniques that you could use to work around that, but none are as simple as an iframe tag.
W3C Content Security Policy Level 3 - Frame Ancestors
So, it's not something that isn't working, but it's Linkedin that don't let you do it. If you look at the urls you are going to open, also, you could see they are behind the auth wall of linkedin
I have a CMS in wordpress. I want a HTML snippet which we'll use it to show some content in other website.
Main CMS site is http://example.com, other site is http://other.example.com.
Now we want footer to be same, i.e. abc.com and other.abc.com should share the footer. So that If I change footer from CMS, I don't need to change that in main site. The main site will use iframe to show the footer.
What I did
I created a static file and put in the folder (I am serving CMS through apache-bitnami tomcat stack) so the footer URL became http://example.com/footer/footer.html.
Issue is it is not allowing me to access via iFrame because of X-FRAME-OPTION is set to SAMEORIGIN. I don't want this to be changed for all the website.
Is there any plugin which creates embedded-able HTML snippet? Is there other way?
Yes. The iFrame makes the user read from http://example.com/footer/footer.html, but due to security constraints he doesn't do that and nothing is displayed.
So you (aka the server) has to grab the code from http://example.com/footer/footer.html and send it to the user.
Basically you create have to (somehow) create a site http://other.example.com/footer/footer.php (or any other url) which is no static file but mirrors the content of http://example.com/footer/footer. Then you make an iFrame to http://other.example.com/footer/footer.php (the mirror) and the users loads from the mirror, the mirror loads from http://example.com/footer/footer and the footer is displayed.
This is my programmer solution, i don't know how much of a (non-) programmer you are and if you want to do this.
My WordPress blog has a single post designated as sticky that will always load when the site.com address is hit.
However, since this is a post it resolves to both insert-post-name-here and index.php in my sitemap.
For example, the link to Home and the link to the insert-post-name-here page appear to be two different pages for Google, but they load the exact same content.
This creates a potential duplicate content penalty with the Big G.
Any suggestions how to work around this?
Maybe Permalink Redirect WordPress Plugin, or hard code the sticky content in index.php (or a template file based on index.php) so it's always there.