I'm wondering if there is any way with PHP to detect the dimensions of a cross-domain Web page that you have no control over, so as to (initially) set an iframe in your own site to the right size to display it without scrollbars.
In this question:
Get height of iframe with external URL
The poster states "I can get the height of the first page loaded into the iframe (using PHP), but no way of getting subsequent page heights because no way of knowing what the url/location changes to in the iframe."
Does anyone know if that is really possible and how to do it?
In that other question, the poster states:
I can get the height of the first page loaded into the iframe (using PHP), but no way of getting subsequent page heights because no way of knowing what the url/location changes to in the iframe
Reading between the lines, that first page loaded into the iframe must be on the same domain, or possibly a different domain but (crucially) under the control of the same developer as the containing page. It's not possible to read the size of the rendered page using PHP - JavaScript is needed client side to obtain the dimensions of what the browser actually renders which is outside the control of any server-side code. So I'm not sure what was meant by "using PHP".
I'm afraid my answer still holds: It is not possible to get the dimensions of a cross-domain web page that you have no control over, because of the browser's security model. If it was possible, that would be a security problem and would have to be fixed. More details here.
Related
I have a rotator link and I dont want to allow people to open it in iframe.
How to stop php process in iframe?
header("X-FRAME-OPTIONS: DENY");
does not work in firefox and chrome. my link is (EDITED)
Check the Access-control-allow-origin header.
It allows you to control which domain can access or frame your scripts.
You can choose between 3 values :
Only from the same domain
Only from a domain listed on a list you made
From anyone (wildcard)
Since PHP is never in an iframe but executed on the server side there is no way to reliably know if the request originated from an iframe on your site of not.
If your intention (which is not quite clear) is to make sure people don't put an iframe of your site on another site, then you can check for the referrer of the request etc. But most of it can be spoofed.
Update due to comment:
Then there is unfortunately no good standardized way of getting this type of information reliably. If you yourself had an iframe on your site and for some reason didn't want that to be able to call your script you could probably do this by adding some GET parameters via javascript or something. But since you have pretty good control over your own iframes this shouldn't be a problem.
But when it comes to determining of the request from the browser to your server originated in an iframe or not there is no information in the HTTP header to disclose this. The only thing you could possibly be informed about is if that iframe is from a page hosted on another domain.
But if you have an iframe on your own site, don't add any extra parameters to the request and access your script in it and then normally from the browser's main window the two requests will look the same on the server.
I'm not completely sure if I understand your question, but here's a list of things:
If you want to stop your page being loaded in an iframe, there's not easy way of doing that, if the browser is ignoring X-Frame-Options: DENY.
If you have a link the user can click that opens in the iframe, not the parent frame, you can use the base html tag, to specify to the browser to open any links you click in the parent frame, with <base target="_parent" />
If you want to redirect automatically, and that causes an issue when loaded in an iframe because you use headers to do it or something, you could probably use the base tag and some javascript to automate clicking on the link as an alternative
I am attempting to load a script that is on one of my web servers into a page that is on a hosted site with another service. Currently, I am using an iframe to make this work. The issue I have is the iframe cannot dynamically expand based on the php's output.
What has been suggested to me is trying to inject the php output into a div but I don't think that I can do that cross domain.
I am going from a web server at example.net/scripts, which I have full access to, and loading it in a page on example.us, which I have very limited access to since it is a hosted service (namely enjin).
What I need is a solution that will allow me to call the php script from the web server and display its output on the page in an element that can expand based on the output from the script. When it pulls the php script, it needs to display within the CSS parameters that are predefined in the CSS for the div (min-height, max-height) but only at the height of the elements of returned in the script.
To further clarify, I am using the php script to do a foreach loop for json output from an API from TwitchTV. When the foreach loops runs it builds an element structure for each of the returned results to display them as desired. I end up overflowing out of the iframe if i have too many returns and if i have no returns, it just returns a string and displays it, but at that point the iframe's height is too high.
Any examples anyone can give me or solution suggestions?
Since you can AJAX, your solution would be to use AJAX to call the code on the non-locked down site, and return the box with the stuff in it. On the locked-down site, process that code and then just stick it in a <div> on the locked-down site. And of course that div can expand to fit the content like usual.
If, for some reason, you have to use the iframe, just gather the height of the box with javascript (you could hide the box off to the left if need be with left: -9999px). Use that height information to set the height of the iframe. So you are basically loading the content of the iframe twice. Once through ajax just to get the height, and once through the actual iframe.
I don't really see any reason that the iframe should be necessary -- the process in the first paragraph should work fine.
What has been known for a while, is that a "fast navigation" works easily for http://example.com/#1 --> http://example.com/#2.
However, there is a new technique out there. It enables fast navigation between http://example.com/1 --> http://example.com/2.
EXAMPLE: http://rageslide.com/
As you can see in the example, the navigation between http://rageslide.com/1 and http://rageslide.com/2 etc. via swiping apparantly DOES NOT FORCE THE ENTIRE SITE TO RELOAD.
I'd like to do the same for my site, but I have no idea how to do this. All pages served by my site are dynamic (via PHP and MYSQL).
I have this idea:
Cache the generated output of a page (http://example.com/2) for 60 seconds.
When the user is on http://example.com/1 preload (http://example.com/2) via Javascript.
The user navigates from http://example.com/1 to http://example.com/2. Since the content is preloaded and cached, the content will be served to the user instantly.
Different idea:
Somehow, http://example.com/1 is being interpreted as http://example.com/content.php#1 through a .htaccess. But I have no idea if this is possible or not.
Will this work? Or what would be the best way to solve this problem?
No, the url you see there is not used to load another page. There are AJAX requests in the javascript code contained in the website, that load the new content to display and update the URL bar.
You can read more about it in this article and in the following questions asked in the past:
Modify the URL without reloading the page
Updating address bar with new URL without hash or reloading the page
i can think of two possible thing you can try out.
first is simply use iframes to load the next and previous page of each page, and when someone swipes to the next page load the next page to a new iframe or a div with ajax or any other html element for that matter.
the other is to use the rel attribute, here is an explanation about it.
hope this helps you out
you can get pretty close without scripting anything or degrading the site by letting the browser cache the expected navigation point resources
for caching images, put dummies at the end of the body
<img .... height="0" width="0">
and for pages
<link rel=”prefetch” href=”url” /> there is also a rel attribute for next and previous for slide viewer type pages
Note: the url can be a javascript resource
Note2: the transition may be slightly less clean than dynamically populating from javascript especially on larger complex pages, but will still work with noscript or javascript turned off, so maybe a good fallback
I have a bit of a challenging question (well it is for me anyway :) )
I am developing a Joomla template for a client who would like to include a jQuery slideshow, I am also using responsive design for upto 480, upto 800 and over 801px.
What I would like to do is setup 3 slideshow modules (for ease of use for the client, one for images 480 wide, one for images 740 wide and one for images 940 wide, then I would like to call that module depending on the users screen size. I know that this needs to be done with php in Joomla and that it is a server side script only and I'm not a fan on UA sniffing.
This is what I'm thinking, please comment on what you think.
Include PHP function that detects if the $screenWidth variable isset
If not, run javascript that detects users screen width, sets this variable to the URL (or another way that it will hold the variable).
Run an AJAX page reload
Pull the $screenWidth variable from the URL.
The original isset will now return true so the page continues to load.
Then run PHP code using that variable to load the appropriate slide show.
What do you think? will it slow the page down too much? Will the reload work and keep the URL in joomla?
Please let me know you thoughts and offer any suggestions.
Thanks
Lee
Are you sure you need to reload the page? Once you get the screenWidth from the client via an AJAX call, can't you generate the slideshow HTML and send it back? The client can then insert it into the DOM directly without having to reload the page, and you won't have to mess around with maintaining state.
There are many possibilities but i think simpler is better.
I think you should perform following steps
Write a startup javascript function that checks the screen width and height (screen.availWidth and screen.availHeight) and send it to server and create slide show accordingly and send back to client
I'm creating a website where users enter a URL and it's displayed in an iFrame, to be brief. I know a lot of websites have code to break out of iFrames (popular example, Google).
Is there any way to check, with JavaScript or PHP whether a given URL will break out of an iFrame?
As a side-note, I don't mind taking a website snapshot but I haven't found an existing adequate website and I can't seem to install wkhtmltoimage/pdf...but that's a different question.
So long as the iframe's URL is different to that of the parent (your website) the iframe's JavaScript cannot access anything in its parent.
For cross-domain iframe communication to work one might use HTML5's PostMessage (which has decent support as of right now) or passing params via the URL of the iframe.
Both of these methods require the parent (your website) to explicitly intercept the 'calls' from the iframe and do whatever...
All in all, for security reasons an iframe from an unknown source can't simply alter the parent site holding the iframe.