iFrame doesn't work in this case? - html

I need a way to display some websites in an iframe.
But it doesn't work, why ?
<iframe src="https://www.msn.com/it-it/" ></iframe>
<iframe src="http://www.lastampa.it/" ></iframe>
As you can see here, only the iframe on the right does work:
http://codepen.io/anon/pen/EgGrjQ

You can not do that because the site won't allow it. If you have a look in console you will see "Refused to display 'https://www.msn.com/it-it/' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'"
This means you won't be able to display https://www.msn.com/it-it/ in an iframe if the iframe is not in the same domain.
More details here https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

Related

Embedded Vimeo (iframe) fullscreen not working in chrome

I'm trying to embed vimeo videos as iframes. I'm using the following code:
<iframe width="1140" height="570" src="https://player.vimeo.com/video/553469759?autoplay=1&dnt=1" frameborder="0" allow="autoplay; fullscreen; picture-in-picture" allowfullscreen></iframe>
It works fine when I paste it in a codepen or try it in firefox. It doesn't work in chrome for me though. When I inspect the iframe's HTML, I can see that vimeo adds a class no-fullscreen-support, it also added these classes though:
js-player-fullscreen
with-fullscreen
Figured it out on my end. It was due to the Permissions-Policy being set by Nginx in the header. In my instance of Nginx, it was originally set to this:
add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()";
The culprit in this case was fullscreen=(self) -- it was telling Chrome that unless the code originated from the site, it shouldn't allow full screen. As Vimeo's iframe is being loaded from player.vimeo.com, Chrome saw that as a third party and wouldn't allow it. Removing that from the Permissions-Policy so it looked like this:
add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),payment=()";
Resolved the problem. The button is showing fine now.
For those using Apache, it'd probably look like this:
Header always set Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()"
The same principle applies, just remove fullscreen=(self).
You might also see it mentioned as Feature Policy, same thing, it's just called Permissions Policy now.
You can learn more about Permissions Policy here: https://github.com/w3c/webappsec-permissions-policy/blob/main/permissions-policy-explainer.md
From Vimeo Help Center:
The fullscreen button will be hidden from the player in scenarios where fullscreen mode cannot be activated. Here are some common causes:
First and foremost, check the Embed tab. Make sure the fullscreen button is toggled on under the Controls section
The iframe embed code is missing the fullscreen attributes: "mozallowfullscreen,""webkitallowfullscreen," and "allowfullscreen." If you’re pasting your embed code into another application, make sure these values are being retained.
The player iframe is contained within another iframe that is missing the fullscreen attributes. Browsers do not allow iframes to enter fullscreen if they are contained within other iframes without these fullscreen attributes. - Try inserting the player outside of the container iframe or adding "mozallowfullscreen," "webkitallowfullscreen," and "allowfullscreen" to the container iframe.
The iframe is contained within a frame. Frame elements cannot enter fullscreen, and neither can any iframes inside of them. We recommend removing all frame tags from your page’s source code.
If you're not sure if the above cases apply, please contact us, and we’ll investigate further. Be sure to include a link to the page where the video is embedded, so we can take a closer look at your page's source code.
You should add these tags to the element:
webkitallowfullscreen mozallowfullscreen allowfullscreen
what if you just download the video and upload it somewhere like github?
And then use the tag to embed the video?
<video src="protocol://someurl.domain/path" muted autoplay width="1140" height="570"></video>
If vimeo doesn't allow downloading you can always use third-party tools like savethevideo.com

Why the Tag ***iframe*** did not work when the URL was finished by .com?

Why the Tag iframe did not work when the URL was finished by .com?
<iframe name="W3" src="https://www.codecademy.com"></iframe>
This tag did not work becouse it was finishing URL (.com)
I believe it has to do with this stackoverflow question: How to set 'X-Frame-Options' on iframe?
For example if we change the url to https://jquery.com, the iframe works.
<iframe name="jquery" src="https://jquery.com"></iframe>
Therefore, I dont think you can use the site you're trying to use in an iframe.

How can i put my facebook's page in an iframe on any website?

<iframe src="https://www.facebook.com/MYUSERNAME/?ref=hl"> </iframe>
I've been trying this code: but it just don't work out , Kindly suggest me something here .
You can't because of security issues;
Refused to display 'facebook.com/goforazhar/?ref=hl%22%3E'; in a frame because it set 'X-Frame-Options' to 'DENY'.
Facebook denies it pages from being loaded into iFrame.
Refer "X-Frame-Options" documentation for more details;
https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options

Cannot pull webpage into an iframe?

I am trying to pull a webpage into an iframe on another webpage but it just keeps giving me a blank box. Any idea why this is not working?
My page: (https://www.skmgroupwork.com/facebook/identifix/fix/)
iframe code:
<iframe src="https://www.identifix.com/FOTW/FixFrame.aspx" width="700" height="600" scrolling="no" id="inneriframe" frameborder="0"></iframe>
www.identifix.com blocks external domains using their site in an iframe.
You can see here that they have set X-Frame-Options: SAMEORIGIN which blocks all external domains iframing their site.
Read more about X-Frame-Options header here.
maybe the problem is in the domain of the webpage you want load, proib with other page for exclude problems, some domains of webpage block of call for iframes !!

A part of a website in an iframe, how to open it's links in the parent's window?

I have the following code to insert a part of a website via an iframe on my webpage:
<iframe scrolling="no" frameBorder="0"
src="http://www.dn.se/"
style="width:100%; height:150px; border:none;">
</iframe>
I would like to open all links on the "iframed" website in my webpage's window (and not in the iframe). I have read on SO questions like this one, that I should use:
<base target="_parent" />
But I don't seem to get it right.
How can I open all links in a iframe window in it's parent's window, if it's a website I'm iframing?
(If possible I don't want to use a javascript library like jQuery.)
If your website and the iFrame are not on the same domain name, the browser will not allow this.
It's called Cross-Site Scripting (XSS)