1. 技术文章
  2. does not permit cross-origin framing iframe

does not permit cross-origin framing iframe

邮差的信 提交于 2019-12-22 04:38:12

问题


Hi I 2 have iframes in my page in the one is working fine and another one is not working giving error as does not permit cross-origin framing. Example code is bellow: 

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org   /TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<script type="text/javascript" src="../script/jquery.js"></script>
<title>Cancellation Policy</title>
</head>
<body>

<span>Some text goes here.</span>
<br /><br />
<iframe src="http://www.w3schools.com/"></iframe>
<iframe src="https://www.google.co.in/?gws_rd=cr&ei=-bmBUo24M6npiAeepICYAg"></iframe>

</body>
</html>

Any help is greatly helpful.


回答1:


Hey I found the solution to the problem. The problem is because the domains restricted to get access by other domains as they can hack the information here is the link which explains about the cross domain policy.

And we can over come from this problem by getting html Content and displaying that in our domain instead of accessing the other domain directly. And here is the link which explains about that.

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org   /TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<script src="http://code.jquery.com/jquery-1.2.3.min.js"></script>
<title>Cancellation Policy</title>
</head>
<body>

<span>Some text goes here.</span>
<br /><br />
<iframe src="http://www.w3schools.com/"></iframe>
<iframe src="https://www.google.co.in/?gws_rd=cr&ei=-bmBUo24M6npiAeepICYAg"></iframe>

<script>
        var url = 'https://www.google.co.in/?gws_rd=cr&ei=-bmBUo24M6npiAeepICYAg';
        $.getJSON('http://whateverorigin.org/get?url=' + encodeURIComponent(url) + '&callback=?', function(data){
            var html = ""+data.contents;

            /* Replace relative links to absolute ones */
            html = html.replace(new RegExp('(href|src)="/', 'g'),  '$1="'+url+'/');

            $("#siteLoader").html(html);
        });
    </script>
    <div id="siteLoader">
        <i>Loading&hellip;</i>
    </div>
</body>
</html>



回答2:


I think you can't open a secured website in iframe. i.e. those websites that starts with https:// can not be opened in iframe. You can open w3school.com in an iframe but not https://twitter.com or https://facebook.com or https://google.com, etc.

I got below error while trying to open google.co.in in an iframe:

Load denied by X-Frame-Options: https://www.google.co.in/ does not permit cross-origin framing.


来源:https://stackoverflow.com/questions/19921676/does-not-permit-cross-origin-framing-iframe

标签
jsp
iframe
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!