Adding an iframe to Facebook does not work anymore since ~2 weeks

I'm writing a Firefox extension to read out the privacy settings of a Facebook user (not a Facebook app!!). To switch between different pages of Facebook I used iframes, but this isn't working anymore. I have had this problem for 2 weeks.

$('#globalContainer').append('<iframe id="reusable_iframe" src="" width="90%" height="400" name="reusable_iframe"></iframe>');
//....
$('#reusable_iframe').attr('src', link);

I'm following the same-origin policy and it was working just fine until 2 weeks ago!? An example:

var link = "http://www.facebook.com/editprofile.php?sk=basic";

Now I just get a blank iframe :(

The funny thing is that if I add "http://www.youtube.com/embed/Qi_AAqi0RZM" or "http://trololololololololololo.com/" to the iframe, it works without a problem... :/

Did Facebook change the rules for its own links in iframes? Is there a workaround? Is there another way for me to scan different sites with Firefox extensions? I would prefer to stay with content scripts....

Edit: This is how it looks in Firebug... Also funny is that the Facebook page http://www.facebook.com/undefined is working, however!?

<iframe id="areusable_iframe" width="90%" height="400" name="areusable_iframe" src="http://www.facebook.com/">
  <html>
    <head>
    </head>
    <body>
    </body>
  </html>
</iframe>
Weedjo asked Dec 04 '25 18:12


1 Answer

Facebook sends the following response header to the browser:

X-Frame-Options: DENY

This causes all major browsers (even IE8 and higher) to prevent showing it inside frames.

The old way was a "frame buster", using JavaScript to force the page to open as the top window, but it's very unfriendly, so it was replaced by this header in most modern websites that don't want to be displayed in frames.

Not much you can do though, sorry.

The "undefined" page is just blank content, which is their 404 custom error page; as it does not contain the above header, it can be displayed inside a frame.

To learn more about the X-Frame-Options header see this documentation.
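The header check described in the answer, as an added example that is not part of the original post: a simplified model of how a browser decides whether a response may be shown in an iframe, run over constructed responses to show which pages of a site (such as an error page sent without the header) remain framable. The function names and the `example.test` / `other.test` hosts are assumptions made for illustration; only the direct parent is compared for `SAMEORIGIN`, and CSP `frame-ancestors` is not modelled.

```javascript
// Added example: simplified model of X-Frame-Options enforcement.
// Assumptions: one level of framing only; CSP frame-ancestors is ignored.

// Collect lower-cased X-Frame-Options tokens (header names are case-insensitive,
// and a value may hold several comma-separated tokens).
function xfoTokens(headers) {
  const tokens = new Set();
  for (const [name, value] of Object.entries(headers)) {
    if (name.toLowerCase() !== 'x-frame-options') continue;
    for (const part of String(value).split(',')) {
      const token = part.trim().toLowerCase();
      if (token) tokens.add(token);
    }
  }
  return tokens;
}

// True if a page at parentUrl may display the response for frameUrl in an iframe.
function canBeFramed(parentUrl, frameUrl, headers) {
  const tokens = xfoTokens(headers);
  const known = ['deny', 'sameorigin', 'allowall'];
  if (tokens.size === 0) return true;        // no header: framing is allowed
  if (tokens.size > 1 && known.some((t) => tokens.has(t))) {
    return false;                            // conflicting values fail closed
  }
  if (tokens.has('deny')) return false;      // blocked even for a same-origin parent
  if (tokens.has('sameorigin')) {
    return new URL(parentUrl).origin === new URL(frameUrl).origin;
  }
  return true;                               // unrecognised value is ignored
}

// Constructed sample responses; the hosts are placeholders.
const sampleResponses = [
  { url: 'https://example.test/settings', status: 200, headers: { 'X-Frame-Options': 'DENY' } },
  { url: 'https://example.test/missing', status: 404, headers: {} },
  { url: 'https://example.test/help', status: 200, headers: { 'x-frame-options': 'SAMEORIGIN' } },
];

// URLs from `responses` that a page at parentUrl could still embed.
function framableBy(parentUrl, responses) {
  return responses
    .filter((r) => canBeFramed(parentUrl, r.url, r.headers))
    .map((r) => r.url);
}
```

For a site owner, the `/missing` result is the one to act on: the header has to be sent on every response, error pages included.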