I'm trying to embed photospheres into Squarespace.
Google Maps works fine, but doesn't suit my needs and looks as follows:
<iframe src="https://www.google.com/maps/embed?pb=!1m0!3m2!1sen!2sus!4v1471028758208!6m8!1m7!1sF%3A-hjcchX5MD5g%2FV03OAcggYUI%2FAAAAAAAAKeM%2FXwIrucnK4IQkwWbhxu9BrvOATMYZaMmKgCLIB!2m2!1d37.870246!2d-119.360704!3f125.91384035181916!4f6.045852307800146!5f0.7820865974627469" width="100%" height="800" frameborder="0" style="border:0" allowfullscreen></iframe>
Instead, I want to embed via sphereshere.net Their embed looks as follows but DOESN'T work.
<iframe src="http://sphereshare.net/#!/e/c467ba7af9753ee287cd44550493e966" height="320" width="620" frameborder="0"></iframe>
What do we think is the problem?
Usually, in cases like this, the problem is the use of the http protocol in an iframe while you're still logged into Squarespace via https. You should try to view the page while not logged in, being sure you're viewing the page via http and not https. If you provide a link to the page, I'm happy to take a look as well.
The reason for this has to do with browser security. Loading a resource over http while viewing the parent website over https is a potential security risk, so browsers do not allow it. Google maps supports loading over https (and you can see the link you're using for Google Maps uses https). Whereas sphereshare.net does not support https, so you're using http. When logged into Squarepace, you're loading the website over https but the sphereshare iframe over http, so browsers do not allow it.
In the future, hopefully you'll be able to use https with sphereshare, then it would work in either case. Until then, you'll have to log out and set your protocol to http in order to view iframes loaded over http.
Related
I'm currently trying to embed using an iframe. The site I'm embedding (embed.embed.embed.com/) doesn't have a protocol (http or https) I'm not sure why this is but it doesnt operate if a protocol is established.
My website is https://www.example.com
<iframe src="//embed.embed.embed.com/"></iframe>
This would return https://embed.embed.embed.com/ (which doesn't work - returns a 404).
<iframe src="embed.embed.embed.com/"></iframe>
This would return https://www.example.com/embed.embed.embed.com/
What can I prefix the src with in order to direct it to a root domain, without assuming a protocol? Is there even a way of doing this? If not with an iframe what other methods might be recommended?
do you want like this,
<base href="http://example.com">
<iframe src="example.com"> </iframe>
I am trying to use embed youtube code in HTML but when I press play button it say "This video is unavailable". I am using the following HTML code for it:
<iframe width="560" height="315" src="https://www.youtube.com/embed/JfJYHfrOGgQ" frameborder="0" allow="autoplay; encrypted-media" allowfullscreen></iframe>
Can anyone help me out with this? I have tried other embed youtube videos too, still says same thing. I am using Chrome.
I had the same issue recently and it had nothing to do with video owners embedding settings. Apparently YouTube forbids embedding some videos in a localhost environment without a public domain, but your video can be embedded with no issue whatsoever through a public domain/subdomain: Replace the src value in the JSFiddle from #PStarczewski's answer with your video link and it will work properly.
For me this was caused by a referrer policy "no-referrer" on my site. Youtube seems to block embedding when no-referrer is set.
Hope to save someone from wasting time with this crap.
TL;DR
Youtube allows only https pages to stream with embeds/iframes.
Make sure that embeds are allowed by the video owner.
Set a less restrictive referrer policy such as "no-referrer-when-downgrade" in order to allow youtube to know the origin of the request. In django you can do this by adding following line in settings.py
SECURE_REFERRER_POLICY = "no-referrer-when-downgrade"
Long read:
If you are facing this in django application recently, it could because of the recent change in referrer policy in django 3. Read more here
When you add an iframe for a youtube video (given that the video owner allows embeds), the referrer (the host origin where the video is being played) is sent to youtube, by the scripts inside the iframe (the embed url gets a new page which brings all the required scripts). If the server is setting a referrer policy which prevents the communication about the referrer, youtube rejects the play request and responds with 204 - no content.
Starting from django v3.x, the referrer policy is set to "same-origin" by default which is too restrictive to let youtube know about the origin. In this case, youtube does not allow the video playback and responds with code 204.
This can be resolved by setting a less restrictive referrer policy. You can use "no-referrer-when-downgrade".
In django, you can set this with the following variable in settings.py file.
SECURE_REFERRER_POLICY = "no-referrer-when-downgrade"
The above policy states that referrer will be sent as empty when the access protocol is downgraded, else the origin will be sent as referrer (which is acceptable). Given that, youtube only allows https origins, for this case it means that if the iframe is embedded in a webpage with https, the referrer will be sent properly and should not cause issues while playing youtube videos through such embeds.
On YouTube there is so called "embed settings" where owner of the video can decide whether or not to allow for it.
Here is an example:
JSFiddle
<iframe width="560" height="315" src="https://www.youtube.com/embed/videoseries?list=PLsyvDWwjkTqtOmqAiTzzfHspTAztB-udL" frameborder="0" gesture="media" allow="encrypted-media" allowfullscreen></iframe>
<iframe width="560" height="315" src="https://www.youtube.com/embed/JfJYHfrOGgQ" frameborder="0" gesture="media" allow="autoplay; encrypted-media" allowfullscreen></iframe>
And here you can find more details about this: YouTube Restrict embedding
The problem I had was that my YouTube video was stuck loading when I embedded it. But if I logged out from my YouTube account, then it started to work. I hope this is a temporary bug YouTube will fix soon.
In my case the video was playing fine on my localhost but was showing unavailable when played from the remote server. Turns out it was happening because of this HTTP header: Referrer-Policy: no-referrer.
Removing Referrer-Policy: no-referrer HTTP header solved the problem for me.
Almost took me 15 minutes to solve it!
My website has some embedded Youtube videos where the embed URL uses http and the webpage is also served through http. Some of my users (i.e. using Google Chrome on Windows) have told me that the video isn't playing. However, after changing the embedded URL to serve through https, it seems to play fine (at least on Chrome). Before I change all of the embedded urls to https, my question is whether there's ever an issue serving an embedded video through https if the webpage that it's embedded in is served through http (I know that there can be "mixed content" issues if an embedded video is http while the webpage is served through https).
The code I am using:
<iframe align="middle" frameborder="1" height="500" scrolling="yes" src="youtube.com/embed/video_id"; width="800"></iframe>
Thanks!
The issue would be the same as with any HTTPS resource - if the certificate can't be validated for whatever reason, the embedded resource won't be shown or the user will get a warning (depending on the browser implementation).
So I have this code:
<iframe id="theFrame" src="http://localhost" style="width:100%;" frameborder="0">
</iframe>
and the localhost site loaded in the iframe just fine..
but then when I change the src to an external website
<iframe id="theFrame" src="http://www.youtube.com" style="width:100%;" frameborder="0">
</iframe>
The website did not load.
What did I do wrong? I know that you can use external websites in an iframe since Google Image Search does so...
How can I get external sites to work in my iframe?
The reason why external websites such as:
youtube.com
google.com
stackoverflow.com
etc.
are not loading in your frame, is because they are intentionally leveraging some sort of Frame Killer.
Example (uses jQuery):
<style> html{display:none;} </style>
<script type="text/javascript">
$(document).ready(function () {
if(window.self == window.top) {
document.documentElement.style.display = 'block'; }
else {
window.top.location = window.self.location; }
});
</script>
Suggested reading:
Framekiller (Wikipedia)
Busting a tough FRAME killer
If you run the code snippet below:
<iframe src="https://www.youtube.com"></iframe>
Then look at dev tools, it will throw the error:
Refused to display 'https://www.youtube.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
This is because the site you are trying to access limits embedding (via iframe, frame, embed, object) to the same origin using the X-Frame-Options header. So youtube.com can load iframes with youtube.com pages just fine, but nobody else can. Only site admins for the embedded site can change that setting.
If you have admin for the site you are embedding, you can whitelist the the host site:
X-Frame-Options: allow-from https://my-host-site.com/
This has to be sent as a HTTP Header by the server of the page you are trying to embed. It will not work as a meta tag inside the HTML head. This is how the browser knows the site you are embedding ok'd the site that is hosting to show the page in the iframe.
You are probably experiencing the same issues I am having, Most likely the iframe is being blocked by the X-frame-options or being blocked by the Deny property. For example if you access facebook from an outside source it will come back with a DENY response in google chrome
It appears to be a youtube-only problem; src="http://www.mozilla.org" works for me in your code. If you want to display youtube videos in iframes, they'll probably want you to use "embed" option on the video page?
I'm trying to get Iframes to work. I'm running safari, so it is compatible, but when I test it, it comes up blank.
Code:
<iframe src="http://www.google.com" width="100%" height="300">
<p>Your browser does not support iframes.</p>
</iframe>
I took the code directly from the w3schools website after using the "try it out" editor so I know it's supposed to work. When I changed the page from a page in their subdirectory to an external page, it shows up blank.
The syntax is correct. It's not your fault - Google is blocking iframing using the X-Frame-Options header that newer browsers listen to.
Possible workarounds are explained in this Google forum post.
Follow the instruction in the following Google Developer Site under "IFrame embeds using the IFrame Player API" bullet:
https://developers.google.com/youtube/player_parameters
This uses API's JavaScript code to view youtube videos.
Here's the link with a more general instruction
https://developers.google.com/youtube/iframe_api_reference#Loading_a_Video_Player