Iframe is not showing the correct page - html

How comes I can't use an Iframe for the url http://www.ahv-services.ch/reschweb/rentenform.aspx?
<iframe frameborder="0" height="600px" scrolling="no" src="http://www.ahv-services.ch/reschweb/rentenform.aspx" width="100%"></iframe>
Firefox is showing me that the URL of the Iframe is http://www.ahv-services.ch/errors/error02.htm. This is also the page that is getting displayed in my browser but as you see in src attribute I am not looking for this page.
Edit: Even when you click on that link, it redirects you to the error page. Only when you copy & paste the link, it will show you the correct page.

Presumably, www.ahv-services.ch is examining the referer header sent by the browser (no, you can't supress it) and redirecting if it looks like a third party site is linking directly to that page.
Look at the error message you get (via Google Translate):
The calling web server is not registered for the use of this service. The Web services under www.ahv-services.ch were commissioned by the IGAKIS (www.igakis.ch) by Mathys & Scheitlin AG (www.ms.ch developed). The IGAKIS provides the services generally after registration. For more information or an application for a registration, please contact www.ms.ch or www.igakis.ch.

As you said in your question clicking on the link redirects you to the error page, I can confirm this happens for me too.
This means that there is not a problem with your iframe or any of the code on your page, it is the page at http://www.ahv-services.ch/reschweb/rentenform.aspx which is broken.
If you have access to this website then I would recommend you look into debugging this to see if there is an error in the code. If you do not have access to this then I recommend you get in contact with an admin who does.

Related

How to make iFrame behave exactly as if one were accessing the source site directly?

I am working on a site for a Client and they want to display the following URL in an iFrame:
https://www.vigrxplus.com/ct/3134
If you access that site directly, it will show the Promo code on the source website.
However, if you access that site via an iFrame, it will not show the Promo code on the source website:
https://jsfiddle.net/qc3zvo0b/
<iframe width="100%" height="1000" src="https://www.vigrxplus.com/ct/3134"></iframe>
(Make sure to test the iFrame without prior Cookies from having previously visited the source website directly.)
Attempting to enable all sandbox features for iFrame did not fix this.
The source site also seems to do some kind of redirect.
So how can this be fixed such that the iFrame behaves just like visiting the site directly?

Iframe isn't displayed in IE on some URLs

I have simple html code:
<iframe src="http://public.bullhornstaffing.com" width="500" height="700"></iframe>
<iframe src="http://public.bullhornstaffing.com/JobBoard/Standard/default.cfm?privateLabelID=9076" width="500" height="700"></iframe>
The first iframe displayed excellent in all browsers, but second iframe isn't displayed in IE instead of the page I see the text "Site Not Found. The site your are trying to find does not exist."
But when I try to open iframe url in the browser directly - everything works as it is necessary.
There is method to correct it?
The URL of the second iframe gets redirected to http://public.bullhornstaffing.com/JobBoard/Standard/BHContent_JobOpportunities.cfm and for some reason, the server responds to it differently when accessed on IE via iframe (or otherwise as embedded). What you get is technically a normal server response, just with special content.
It is at the discretion of server admin to do such things, e.g. in an attempt at preventing framing, though this behavior might be unintentional. Contact the server admin.

Hyperlinks in a cloacked website

I have a website which is hosted via my providers webhosting.
I have bought another domainname and forwarded my current website to it.
The technique it uses is cloacking, so my old website is a frame in my new domain.
Everything works perfectly but when I click a hyperlink that goes outside the website (e.g. facebook page), the page won't show.
I have the following error in my Google Chrome console:
Refused to display Hyperlink in a frame because it set X-Frame-Options to DENY.
Any link, tutorial help will be appreciated.
The X-Frame-Options is submitted by pages if they don't want to be displayed in frame or iframe (see mdn: The X-Frame-Options response header)
The message tells you that Facebook tells the browser, that it does not want to be displayed in a frame. To solve this problem you need to set the target attribute for these links to _top or _parent. But be award that the user could prevent these options by browser extensions.
If you plan to use the second domain instead of the first one you should think over doing a 301 redirect. What you should avoid is to find a solution that displays the same content (without iframe) on both domains, because of double content.

Security Popup IE8 wistia video

I had the following iframe which renders the Video.In IE8, I am getting the security popup error.
<iframe src="https://fast.wistia.com/embed/iframe/223ewe311111112?videoWidth=310&videoHeight=120&controlsVisibleOnLoad=true&playerColor=1213221&plugin%5Bsocialbar%5D%5Bversion%5D=v1&plugin%5Bsocialbar%5D%5Bbuttons%5D=email-twitter-googlePlus-facebook&plugin%5Bsocialbar%5D%5Blogo%5D=true&plugin%5Bsocialbar%5D%5BtweetText%5D=May%20to%I%20New%Help%20You%20&plugin%5Bsocialbar%5D%5BbadgeUrl%5D=https%3A%2F%2Fwistia.com&plugin%5Bsocialbar%5D%5BbadgeImage%5D=https%3A%2F%2Fprime-cdn.wistia.com%2Fdeliveries%2Fe6e6be3fsdfsdfsdfsdf7e0a69.jpg%3Fimage_crop_resized%3D100x20" target="_blank" rel="nofollow" allowtransparency="true" frameborder="0" scrolling="no" class="wistia_embed" name="wistia_embed" width="310" height="120"></iframe>
I came to know that they updated their IFRAME API on their framework.Will it be a cause for rendering the popup in IE8 only.Using HTTPWATCH plugin in IE8,I found that all resources are rendering HTTPS only.So, because of this iframe tag only it is rendering the popup.I put this iframe tag in seperate HTML page and opened it in IE8 browser.It is showing Security popup.
First, you better get that example embed code checked out! :) It doesn't look like the iframe src is valid (it leads to a 404 page), which made this a little difficult to test. There are also some weirdnesses like target="_blank" on the iframe, which I don't think is produced by Wistia.
Anyway, I stapled the options onto a different media's embed code and I think I figured out your issue. The domain for the logo in the socialbar is what's causing the security warning.
If you upload your logo in the SuperEmbed Builder then switch to an SSL (under Embed Type > Advanced Options), it will also switch the domain of the logo to one that has a security certificate. I'm guessing that you produced a non-SSL embed, then manually switched it from http: to https:. In many cases this doesn't matter, but it does in this one unfortunately.
My recommendation is to produce the embed code directly from the SuperEmbed Builder and switch SSL on there.
What's the nature of the error you're getting? "Unsafe JavaScript attempt to access frame with URL [URL redacted] from frame with URL [URL redacted]. Domains, protocols and ports must match."
If so, there are a number of threads here at StackOverflow that also mention this error. while annoying, is extremely unlikely to be detrimental to how your site works, it's simply a symptom of having unmatched domains, ports and protocols between the iframe and page its embedded on.
So yeah, as long as the content on the page appears to be fine, you can most likely ignore that particular error.
As an alternative, try the Wistia API embed style, which you can also use SSL with--should help you avoid seeing this.

Open Facebook page in iframe or frame?

I want to have two facebook pages open at the same time as part of my html page.
So when you go to mypage.html, there will be displayed two facebook pages. Is this possible?
I get something like:
with code like:
<frameset cols="25%,75%">
or
<iframe height="*" src="http://www.facebook.com/photo.php?fbid=10150277739848763&set=pu.105012493762&type=1&theater" width="100%">
<p>Your browser does not support iframes.</p> </iframe>
I work on Facebook's security team and actually helped write the code that causes this. We do this (a form of frame busting) to prevent clickjacking attacks where an attacker can put Facebook in an iframe, hide it, and trick the user into clicking in the facebook frame and taking some action (e.g. posting a malicious link to their profile, etc).
While Jason's answer is going in the right direction, it's not true that browsers will give you access to the DOM of a page you insert in an iframe in your page. The Same Origin Policy dictates that javascript on one domain cannot access anything on a page on a different domain.
Facebook prevents you from linking directly to the actual site via IFRAME (or any frame). This is because any site putting Facebook in an IFRAME(or any frame) could use Javascript to access elements of the facebook page, including username and password fields.
There is no way around this. It is built in to the browsers themselves to send some information along in the request header that says it is being requested to be put in frame.
Gmail and several other sites do this as well.
There are specific situations where overriding the "x-frame-options" security policy is useful, such as in digital signage where it is desirable to show an organization's facebook page in a iframe alongside other signage iframes.
Clickjacking and phishing will not occur because the organization is displaying its own facebook page on its own browser-driven display devices.
If the browser doesn't provide an internal x-frame override on its "about:flags" page, you may need to install a browser extension to override x-frame-options on the signage device.