Menu
Setting up the sandboxes for all these option is not feasible right now. So I am appealing to the community for help. This is a weird one and I just want to know what will work (most importantly in ie) and what wont.
For better reading ;)
╔═════════════════════╦═══╦═══════════════╦══════════════════╦═══════════════════╗
║ Page with an iFrame ║ c ║ inside iFrame ║ domain ║ works? ║
╠══════════╦══════════╣ o ╠═══════╦═══════╬══════╦═══════════╬═══════════════════╣
║ http ║ https ║ n ║ http ║ https ║ same ║ different ║ ║
╠══════════╬══════════╣ t ╠═══════╬═══════╬══════╬═══════════╬═══════════════════╣
║ X ║ ║ a ║ ║ X ║ X ║ ║ no idea ║
╠══════════╬══════════╣ i ╠═══════╬═══════╬══════╬═══════════╬═══════════════════╣
║ X ║ ║ n ║ ║ X ║ ║ X ║ no idea ║
╠══════════╬══════════╣ i ╠═══════╬═══════╬══════╬═══════════╬═══════════════════╣
║ ║ X ║ n ║ ║ X ║ X ║ ║ no idea ║
╠══════════╬══════════╣ g ╠═══════╬═══════╬══════╬═══════════╬═══════════════════╣
║ ║ X ║ ║ ║ X ║ ║ X ║ no idea ║
╠══════════╬══════════╣ ╠═══════╬═══════╬══════╬═══════════╬═══════════════════╣
║ X ║ ║ ║ X ║ ║ X ║ ║ I know this works ║
╠══════════╬══════════╣ ╠═══════╬═══════╬══════╬═══════════╬═══════════════════╣
║ X ║ ║ ║ X ║ ║ ║ X ║ I know this works ║
╠══════════╬══════════╣ ╠═══════╬═══════╬══════╬═══════════╬═══════════════════╣
║ ║ X ║ ║ X ║ ║ X ║ ║ doubt this works ║
╠══════════╬══════════╣ ╠═══════╬═══════╬══════╬═══════════╬═══════════════════╣
║ ║ X ║ ║ X ║ ║ ║ X ║ doubt this works ║
╚══════════╩══════════╩═══╩═══════╩═══════╩══════╩═══════════╩═══════════════════╝
Please help! Thanks in advance.
431
Generally, web application allows script running between pages(parent and iframe pages) in the same domain based on same-origin-policy. Unfortunately it does not support scripts if different domain. The policy does not allow it.
Cross-origin communication in between iframe and it's parent website. Yes, it's not any hack or something, but with simple functions you can communicate in between iframe and it's parent website.
Navigating or redirecting to an HTTP URL in an iframe embedded in an HTTPS page is not permitted by modern browsers, even if the frame started out with an HTTPS URL.
allow-same-origin allows the document to maintain its origin; pages loaded from https://example.com/ will retain access to that origin's data. allow-scripts allows JavaScript execution, and also allows features to trigger automatically (as they'd be trivial to implement via JavaScript).
Whether the containing page and the iframe are on the same domain or not doesn't really matter.
http:// with an iframe using an http:// URL: works fine.http:// with an iframe using an https:// URL: works fine, but you won't be able to ensure the security of the iframe.https:// with an iframe using an http:// URL: will generate mixed content warnings, thereby introducing a potential security risk, and should be avoided.https:// with an iframe using an https:// URL: works fine. The users may find it hard to check that the iframe comes from the site they expect. They effectively trust the containing page to do the right thing (see 3-D secure problem).
79
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
