Menu
I am using the following simple iFrame code to load Yahoo but it's not loading anyway. in Chrome Inspector I see the URL status as 301 first and then cancel. Any idea why is it happening?
<iframe name="iframe1" src="http://yahoo.com"></iframe> 
814
If the primary domain for your website is secure with SSL (https://) but the source URL for your Iframe is not, your website will display an error, or simply not display the content. To fix this, you'll need to update the Source URL for your Iframe content with the secure (https://) version.
You have to check for HTTP response header X-Frame-Option of those sites. if its value is "DENY or SAMEORIGIN", then you can not load those website in the iframes. DENY = No one can load the website in iframe. Even the same domain page wont be able to load.
Most probably web site that you try to embed as an iframe doesn't allow to be embedded. You need to update X-Frame-Options on the website that you are trying to embed to allow your Power Apps Portal (if you have control over that website). You can find more here.
The issue is related to the rendering of the iframe code which is used to embed another document within the current HTML document. In simple words, because of this bug the browser is not able to show the embedded files on the webpage and hence, you might be seeing a blank page.
You probably get an error message in the log that reads something like this:
"Refused to display document because display forbidden by X-Frame-Options."
To answer your question:
Yahoo is doing this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.
For more info read this: https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header
137
Its also very easy to ask site not to load if you are in an iframe with simple javascript. For example, twitter does this
<script type="text/javascript"> //<![CDATA[ if (window.top !== window.self) { document.write = ""; window.top.location = window.self.location; setTimeout(function () { document.body.innerHTML = ''; }, 1); window.self.onload = function (evt) { document.body.innerHTML = ''; }; } //]]> </script> I did not see a console error here and so I guess this is the case here.
The Yahoo! JavaScript is obfuscated but you can see they are definitely removing something at this snippet. (Code taken from yahoo website)
if(self!==self.top){b=function(){if(g.readyState=="complete"){f.remove(g,e,b); If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
