Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

iFrame not loading URL

Tags:

I am using the following simple iFrame code to load Yahoo but it's not loading anyway. in Chrome Inspector I see the URL status as 301 first and then cancel. Any idea why is it happening?

<iframe name="iframe1" src="http://yahoo.com"></iframe> 
like image 814
Volatil3 Avatar asked Apr 22 '12 13:04

Volatil3


People also ask

Why is iframe not displaying content?

If the primary domain for your website is secure with SSL (https://) but the source URL for your Iframe is not, your website will display an error, or simply not display the content. To fix this, you'll need to update the Source URL for your Iframe content with the secure (https://) version.

Why some websites are not opening in iframe?

You have to check for HTTP response header X-Frame-Option of those sites. if its value is "DENY or SAMEORIGIN", then you can not load those website in the iframes. DENY = No one can load the website in iframe. Even the same domain page wont be able to load.

Why do websites refuse to connect in iframe?

Most probably web site that you try to embed as an iframe doesn't allow to be embedded. You need to update X-Frame-Options on the website that you are trying to embed to allow your Power Apps Portal (if you have control over that website). You can find more here.

Why is my iframe blank?

The issue is related to the rendering of the iframe code which is used to embed another document within the current HTML document. In simple words, because of this bug the browser is not able to show the embedded files on the webpage and hence, you might be seeing a blank page.


2 Answers

You probably get an error message in the log that reads something like this:

"Refused to display document because display forbidden by X-Frame-Options."

To answer your question:

Yahoo is doing this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.

For more info read this: https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header

like image 137
iambriansreed Avatar answered Sep 21 '22 13:09

iambriansreed


Its also very easy to ask site not to load if you are in an iframe with simple javascript. For example, twitter does this

<script type="text/javascript"> //<![CDATA[     if (window.top !== window.self) {         document.write = "";         window.top.location = window.self.location;         setTimeout(function () {             document.body.innerHTML = '';         }, 1);         window.self.onload = function (evt) {             document.body.innerHTML = '';         };      } //]]> </script> 

I did not see a console error here and so I guess this is the case here.

The Yahoo! JavaScript is obfuscated but you can see they are definitely removing something at this snippet. (Code taken from yahoo website)

if(self!==self.top){b=function(){if(g.readyState=="complete"){f.remove(g,e,b); 
like image 44
naveen Avatar answered Sep 17 '22 13:09

naveen