I have simple html code:
<iframe src="http://public.bullhornstaffing.com" width="500" height="700"></iframe>
<iframe src="http://public.bullhornstaffing.com/JobBoard/Standard/default.cfm?privateLabelID=9076" width="500" height="700"></iframe>
The first iframe displayed excellent in all browsers, but second iframe isn't displayed in IE instead of the page I see the text "Site Not Found. The site your are trying to find does not exist."
But when I try to open iframe url in the browser directly - everything works as it is necessary.
There is method to correct it?
The URL of the second iframe gets redirected to http://public.bullhornstaffing.com/JobBoard/Standard/BHContent_JobOpportunities.cfm and for some reason, the server responds to it differently when accessed on IE via iframe (or otherwise as embedded). What you get is technically a normal server response, just with special content.
It is at the discretion of server admin to do such things, e.g. in an attempt at preventing framing, though this behavior might be unintentional. Contact the server admin.
Related
I am working on a site for a Client and they want to display the following URL in an iFrame:
https://www.vigrxplus.com/ct/3134
If you access that site directly, it will show the Promo code on the source website.
However, if you access that site via an iFrame, it will not show the Promo code on the source website:
https://jsfiddle.net/qc3zvo0b/
<iframe width="100%" height="1000" src="https://www.vigrxplus.com/ct/3134"></iframe>
(Make sure to test the iFrame without prior Cookies from having previously visited the source website directly.)
Attempting to enable all sandbox features for iFrame did not fix this.
The source site also seems to do some kind of redirect.
So how can this be fixed such that the iFrame behaves just like visiting the site directly?
I am trying to embed an iframe (containing shellinabox, if that's relevant) onto an HTTPS webpage. The HTML I'm using to embed the iframe is pretty straightforward:
<div class="jumbotron" style="min-height: 400px;">
<iframe src="https://example.com/shellinabox" style="border:none; min-height: 400px;" width="100%"></iframe>
</div>
However, Chrome blocks the iframe from loading because it is "insecure content," and I have to manually unblock it for it to work. The Chrome console reports an error like this:
Mixed Content: The page at 'https://example.com/mainpage/' was loaded over HTTPS, but requested an insecure resource 'http://example.com/shellinabox/'. This request has been blocked; the content must be served over HTTPS.
I am confused by this because clearly my HTML code is embedding the HTTPS version of example.com/shellinabox. Moreover, when I visit https://example.com/shellinabox directly, the lock icon is green, nothing is blocked, and there are no indications of any SSL problems on that page.
I also tested this in Firefox, IE, and MS edge, and they all have the same behavior (so it's not a Chrome-specific issue). What gives?
This is an old question but I encountered the same issue. My use case is slighty different to yours, but hopefully this helps.
For me, my route on my python flask server ended with the "/" character. In my iframe, I was calling the route without the slash at the end of the src and was seeing the same error. Adding a slash to the src in the iframe did the trick for me.
<iframe src="https://example.com/shellinabox/" style="border:none; min-height: 400px;" width="100%"></iframe>
I'm not exactly sure why the missing slash on the end the src attribute would cause this error. If anyone can explain why, I'll gladly update my answer.
your code is loading the page over https but that page is then probably trying to load additional scripts or assets over http. or it may have scripts in the page that are making ajax requests over http. youll have to examine the page and look in the developer console to see exactly what the insecure requests are. it's probably not an issue with how you are creating the iframe element.
How comes I can't use an Iframe for the url http://www.ahv-services.ch/reschweb/rentenform.aspx?
<iframe frameborder="0" height="600px" scrolling="no" src="http://www.ahv-services.ch/reschweb/rentenform.aspx" width="100%"></iframe>
Firefox is showing me that the URL of the Iframe is http://www.ahv-services.ch/errors/error02.htm. This is also the page that is getting displayed in my browser but as you see in src attribute I am not looking for this page.
Edit: Even when you click on that link, it redirects you to the error page. Only when you copy & paste the link, it will show you the correct page.
Presumably, www.ahv-services.ch is examining the referer header sent by the browser (no, you can't supress it) and redirecting if it looks like a third party site is linking directly to that page.
Look at the error message you get (via Google Translate):
The calling web server is not registered for the use of this service. The Web services under www.ahv-services.ch were commissioned by the IGAKIS (www.igakis.ch) by Mathys & Scheitlin AG (www.ms.ch developed). The IGAKIS provides the services generally after registration. For more information or an application for a registration, please contact www.ms.ch or www.igakis.ch.
As you said in your question clicking on the link redirects you to the error page, I can confirm this happens for me too.
This means that there is not a problem with your iframe or any of the code on your page, it is the page at http://www.ahv-services.ch/reschweb/rentenform.aspx which is broken.
If you have access to this website then I would recommend you look into debugging this to see if there is an error in the code. If you do not have access to this then I recommend you get in contact with an admin who does.
I had the following iframe which renders the Video.In IE8, I am getting the security popup error.
<iframe src="https://fast.wistia.com/embed/iframe/223ewe311111112?videoWidth=310&videoHeight=120&controlsVisibleOnLoad=true&playerColor=1213221&plugin%5Bsocialbar%5D%5Bversion%5D=v1&plugin%5Bsocialbar%5D%5Bbuttons%5D=email-twitter-googlePlus-facebook&plugin%5Bsocialbar%5D%5Blogo%5D=true&plugin%5Bsocialbar%5D%5BtweetText%5D=May%20to%I%20New%Help%20You%20&plugin%5Bsocialbar%5D%5BbadgeUrl%5D=https%3A%2F%2Fwistia.com&plugin%5Bsocialbar%5D%5BbadgeImage%5D=https%3A%2F%2Fprime-cdn.wistia.com%2Fdeliveries%2Fe6e6be3fsdfsdfsdfsdf7e0a69.jpg%3Fimage_crop_resized%3D100x20" target="_blank" rel="nofollow" allowtransparency="true" frameborder="0" scrolling="no" class="wistia_embed" name="wistia_embed" width="310" height="120"></iframe>
I came to know that they updated their IFRAME API on their framework.Will it be a cause for rendering the popup in IE8 only.Using HTTPWATCH plugin in IE8,I found that all resources are rendering HTTPS only.So, because of this iframe tag only it is rendering the popup.I put this iframe tag in seperate HTML page and opened it in IE8 browser.It is showing Security popup.
First, you better get that example embed code checked out! :) It doesn't look like the iframe src is valid (it leads to a 404 page), which made this a little difficult to test. There are also some weirdnesses like target="_blank" on the iframe, which I don't think is produced by Wistia.
Anyway, I stapled the options onto a different media's embed code and I think I figured out your issue. The domain for the logo in the socialbar is what's causing the security warning.
If you upload your logo in the SuperEmbed Builder then switch to an SSL (under Embed Type > Advanced Options), it will also switch the domain of the logo to one that has a security certificate. I'm guessing that you produced a non-SSL embed, then manually switched it from http: to https:. In many cases this doesn't matter, but it does in this one unfortunately.
My recommendation is to produce the embed code directly from the SuperEmbed Builder and switch SSL on there.
What's the nature of the error you're getting? "Unsafe JavaScript attempt to access frame with URL [URL redacted] from frame with URL [URL redacted]. Domains, protocols and ports must match."
If so, there are a number of threads here at StackOverflow that also mention this error. while annoying, is extremely unlikely to be detrimental to how your site works, it's simply a symptom of having unmatched domains, ports and protocols between the iframe and page its embedded on.
So yeah, as long as the content on the page appears to be fine, you can most likely ignore that particular error.
As an alternative, try the Wistia API embed style, which you can also use SSL with--should help you avoid seeing this.
I have the following html in a page:
<div>
<iframe src="http://google.co.in" style="width:200px;height:200px">
</iframe>
<iframe src="http://" style="width:200px;height:200px">
</iframe>
</div>
This page displays correctly in Firefox:
But in IE (7 & 8), the whole page gets replaced with the following error page:
Even though I agree this behaviour is odd, it may be intended for security purposes. Try about:blank rather than http://.
I wouldn't rely on the browser to check the validity of the URL for you if you want consistent behavior across all browsers.
If it's a user-entered url that you need to validate, consider validating it yourself (probably using regular expressions either in the back-end or javascript depending on your app) before loading it into the iframe. That way you can display your own error message on your own terms if they entered an invalid url.
Since the URL is user-defined, you must have a server-side script that is generating that page. So you can easily check for an invalid URL (or at least, a blank one or just http://) and either not display anything, put the iframe code with no src parameter, or put a default page.