问题
Below is my code:
<div style="border: solid 1px #000000; margin: 5px;">
<iframe src="http://www.w3schools.com" width="100%" height="300px" scrolling="yes"><p>Your browser does not support iframe.</p></iframe>
</div>
Contents of iframe works well in chrome but not in firefox. I've disabled add-ons but my iframe is still empty. Can anyone please help me?
回答1:
If you are trying to add this Iframe on a SSL-encrypted website (https://), it won't work any more since Firefox 23 because Mozilla has decided to blocked all unencrypted content on encrypted websites (for example http-iframes on https-websites).
You can change this behaviour in your own Firefox installation by typing about:config in the address bar and setting security.mixed_content.block_active_content to false.
But that won't help you for all other FF23-visitors on your website.
回答2:
As of 05/2018, the iframe lead is denied by browser due to X-Frame-Options header set to 'sameorigin'.
Tested the page with Firefox and getting blank iframe. Here is what console says:
Load denied by X-Frame-Options: https://www.w3schools.com/ does not permit cross-origin framing.
Why that?I'll give Chrome console a chance, here's what it says:
Refused to display 'https://www.w3schools.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
Basically, X-Frame-Options header (do not confuse that with CORS), is set to 'sameorigin', that means that the browser is allowed to display the iframe content only if embedded in same domain and same protocol (https://www.w3schools.com/ is not sameorigin of http://www.w3schools.com/).
Here are some docs aboiut x-frame-options: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
回答3:
I don't know if its related but when I try to request w3schools by c# it responses 503 forbidden error. So they may use something to prevent showing up on iframes, etc. Facebook has similiar restrictions, you cannot display their likebox iframe unless you log in.
回答4:
Why no one has mentioned CORS yet?
FROM mdn
Cross-Origin Resource Sharing (CORS) is a mechanism that uses additional HTTP headers to let a user agent gain permission to access selected resources from a server on a different origin (domain) than the site currently in use. A user agent makes a cross-origin HTTP request when it requests a resource from a different domain, protocol, or port than the one from which the current document originated.
An example of a cross-origin request: A HTML page served from http://domain-a.com makes an src request for http://domain-b.com/image.jpg. Many pages on the web today load resources like CSS stylesheets, images, and scripts from separate domains, such as content delivery networks (CDNs).
For security reasons, browsers restrict cross-origin HTTP requests initiated from within scripts. For example, XMLHttpRequest and the Fetch API follow the same-origin policy. This means that a web application using those APIs can only request HTTP resources from the same domain the application was loaded from unless CORS headers are used.
This means that the websites you are trying to enter from the iframe are set to deny requests from your site or others (if not all).
回答5:
I had the same issue. For me the cause was a trailing slash at the end of the url.
Doesn't work:
<iframe src="http://example.com/some/sub/folder/"></iframe>
Works:
<iframe src="http://example.com/some/sub/folder"></iframe>
回答6:
You need to have source file of iframe on localhost.
Firefox and Chrome doesn't display this iframe:
<iframe src="https://www.yourdomain.com/form.html"></iframe>
Works:
<iframe src="/form.html"></iframe>
来源:https://stackoverflow.com/questions/18373592/iframe-contents-cant-appear-in-firefox