Following chunk html code works as expected:
<iframe src="http://www.amazon.com/"></iframe>
But when trying embed inner Amazon pages http://www.amazon.com/gp/product/0672329166/ref=s9_simh_gw_p14_d0_g14_i1?pf_rd_m=ATVPDKIKX0DER&pf_rd_s=center-2&pf_rd_r=1E72BDHD1YZMPYZ2HM4Z&pf_rd_t=101&pf_rd_p=470938631&pf_rd_i=507846 nothing appears.
Firebug shows that request is well executed with a 200 OK code.
<iframe src="http://www.amazon.com/gp/product/..."></iframe>
Is there some Amazon policy involving this kind of use of their site?
They use x-frame-options to block their content from being loaded in frames.
Related
I am deploying an <iframe> on a page on Site A as a quick and simple way to display a fragment from a complex page elsewhere on Site A:
<iframe src="http://site-a.com/complex-page/"></iframe>
Nothing displays in the <iframe> on Site A.
Troubleshooting:
I checked http://site-a.com/complex-page/ in the browser and the page displays normally.
I tested the <iframe> by using http://site-b.com/complex-page/ as the source and the <iframe> displays the external page on (external) Site B, as expected.
I tested the <iframe> by using http://site-a.com/complex-page-2/ as the source and, once again, nothing displays in the <iframe>.
So... this is clearly something to do with Site A, if the <iframe> on Site A is not displaying any of several pages on Site A, but it is showing any of several pages on Site B.
This clearly isn't a same-origin issue - Site A is the same origin as Site A.
So what is preventing the displaying of the external page on Site A?
Additionally:
If I Right Click > This Frame > View Frame Source then I can see the HTML Source of the document loaded by the <iframe>... but whatever content or styles I add to the document, nothing displays.
That suggests the <iframe> is successfully accessing the page but then (for some reason) failing to display it.
Supporting information: The site is built with PHP server-side and with HTML5, CSS3 and Javascript client-side.
This problem was a little easier to solve, once I had understood that what I was facing was an X-Frame-Options issue.
Apparently X-Frame-Options can have three values:
DENY
SAMEORIGIN
ALLOW-FROM [URI]
X-Frame-Options can be set in an .htaccess file using any of the three values above.
In this case I needed to add the following lines to my .htaccess file:
# HEADERS
<ifModule mod_headers.c>
Header set X-Frame-Options "SAMEORIGIN"
</ifModule>
Thanks to this page:
[Iframe] X-Frame-Options : website does not permit framing
http://techdc.blogspot.co.uk/2015/04/iframe-x-frame-options-website-does-not.html
So the latest version of Chrome and maybe Safari too doesn't let you load in iframes inless you're on the same domain for certain websites that don't want to be iframed like google.com.
<iframe src="http://www.google.com" style="width:600px;height:500px;" frameborder="0"></iframe>
The Error I get in Chrome is..
Refused to display document because display forbidden by X-Frame-Options.
Is there a workaround to avoid this error and display the iframe.
From what I read the x-frame stuff is to prevent click jacking via iframe, but I'm not trying to do that I just want to load in the site the way the iframe I thought was supposed to perform.
Is there away around this using PHP?
No, there is no way to bypass this restriction.
I am using php to develop a twitter search api which is able to search twitter, and save posted images from tweets.
It all works fine etc, but for facebook, instead of the image being loaded with the webpage, its loaded after in a response. Using firebug, going to the Net tag, I can see the html source code I need under the response tab for a getphoto(). I am looking to grab an img src from this html text, but
Facebook seems to load the basic stucture, then reload the page with the image on it.
My question is: How can I get this 'response body'?
I have used get_headers() before, but I dont think it will work in this situation, and I have trawlled the net looking for an answer to this, but none have appeared.
Any help would be much appreciated, thx in adv.
Dont think my code will help explaining, but willing to put some up
EDIT:
example facebook url: /https://www.facebook.com/photo.php?pid=1258064&l=acb54aab14&id=110298935669685
that would take you to the page containing the image
This is the image tag:
img class="fbPhotoImage img" id="fbPhotoImage" src="https://fbcdn-sphotos-a.akamaihd.net/hphotos-ak-ash3/522357_398602740172635_110298935669685_1258064_1425533517_n.jpg" alt=""
But this does not show up until the response comes through.
I have a get_header funciton in to expand shortened URL's, due to twitters love for them, and this can get and image from other 3rd party photo sites with multiple shortens/redirects.
Have not used cURL before, is it the best/only way?
Thanks again
instead of the image being loaded with the webpage, its loaded after in a response
I don't know what this means.
I can only guess that the URL you are trying to fetch the html from, which your code is expected to parse to extract an image URL, is actually issuing a redirect.
Use curl for your transfers and tell it to follow redirects - NB this will only work with header redirects - not meta equiv redirects, meta refresh redirects nor javascript location redirects.
(maybe Faceboo0k don't want you to leech their content?)
How can I load an external page (ex: http://www.google.pt) to a div in my page?
I've tried html5 like this:
document.getElementById(id).innerHTML = "<iframe src='http://www.google.com' height='100%' width='100%'></iframe>";
but it doesn't load.
When I put a page from my domain, it properly loads.
How can I load an external page (from another domain) ?
There are some cross-domain restrictions because of which you cannot load any external site directly into an iframe on your page.
However you can try the following jQuery plugin for making cross-domain AJAX requests;
https://github.com/padolsey/jQuery-Plugins/blob/master/cross-domain-ajax/jquery.xdomainajax.js
Google does not let itself be loaded from within an iframe.
Loading this iframe gives this error : Refused to display document because display forbidden by X-Frame-Options.
Which means that Google doesn't allow you to do this. If you want to use Google Search on your site, you can use Google Custom Search.
You should really do this server-side, because including a page on the client-side can have bad effects. For a start, Google won't read a page loaded with an iframe.
It's a pretty cheap way to do things, does your server not support PHP?
i am trying to open a google search inside an iframe. it was working until recently but something happened.
this can be tested here: http://jsfiddle.net/patrioticcow/xTjyX/
i also added &output=embed at the end of the link, but it looks like it doesn't help.
in chrome i get: Refused to display document because display forbidden by X-Frame-Options.
but it doesn't work in Mozilla also.
any ideas?
thanks
The X-Frame option is a header sent by the webserver of the page you are trying to embed into the iframe. It basically tells the browser not to allow embedding the page in an iframe. Have a look at https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header for a more detailed description.
Obviously Google does not want you to embed it's search results into an iframe.
We are seeing the same problem - this time with google in a standard frame. It was fine a couple of months ago, now it's not working. I think that Google just changed the rules... Not a very open thing to do.
I'd suggest that you run what was in the iframe as a separate child window or new tab - not sure if this will give you the result you wanted.