How does one keep all redirects from an iframe within the iframe? Sort of like a browser within the page. I've seen it done many times on translating sites, vpn sites, security sites, etc.
For Clarification: http://bit.ly/1m8EF4e
<-- Google translation of a wikipedia page. Notice how redirects are still within the iFrame of the translator.
<a href="(src)" target="_self"> for opening the link in a same iframe
for new tab change the targer value to _blank
Related
My site is http://inquizgaming.info/
When you click a link here in edge, it gives you a message saying:
"This content can’t be shown in a frame
There is supposed to be some content here, but the publisher doesn’t allow it to be displayed in a frame. This is to help protect the security of any information you might enter into this site.
Try this:
Open this in a new window"
In chrome, the page just stays blank.
This doesn't make a lot of sense to me, as i am not framing (i.e. using ,, or etc.) these links.
The entire body of the code for that first "Join Discord" button is:
<section id="banner">
<div class="inner">
<h2>Inquisitional Gaming</h2>
<p>An open gaming community for all platforms!</p>
<ul class="actions">
<li>Join Our Discord!</li><br>
</ul>
</div>
</section>
And from this, i just can't seem to understand what the issue is. I've been looking all over online. I am new to html, css, and JS. I am a novice at website building, and i am sure the problem is somewhere im not thinking of.
EDIT: When i right-click (or hold on mobile) and open it in a new window, the link works fine. This is EXTREMELY frustrating.
http://68.185.245.9/ is your host IP. With what I'm gathering, you have an index file linking to your IP which in turn shows your page, but it's linking it with a frame and thus breaks the ability for your links to redirect you. Have your service provider reconfigure your DNS so it has an A record pointing towards your host IP.
If you open your site http://inquizgaming.info/ and right-click to inspect the HTML you see the <frameset border="0" rows="*,1">.
If you now click on a link on your site, the discordapp.com server answers with the HTTP-Header 'X-Frame-Options' set to 'sameorigin'. This Header indicates, that the browser is not allowed to render https://discordapp.com/invite/qDf8DG9 in the visiting browser.
You can read the details about the the HTTP-Header here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
As you cannot change the HTTP-Response from discordapp.com' you need to either remove the all the <frameset>, <frame> and <iframe> or you can add a target="_blank" attribute to every link referencing the external link.
If you open the link in a new window, and the link works perfectly fine, then try adding this to your <a> tag...
Join Our Discord!
The target="_blank" attribute tells the browser to open the link in a new window. Also, it's good practice to place out-going links (that contain content not specific to your website) in a new window.
EDIT: As others have said, your website code is placed within several <frame> tags. Some functionalities, such as the <a> tag, will behave differently. Inspecting your website (using developer's tools by pressing Ctrl+Shift+I on Chrome or Firefox) will show the firstmost tags being <frame> containers.
I've got some embedded iframe Bandcamp players on www.mangledmusic.net/releases. I set up our Bandcamp page to look like our website, which will have an image map of my sites page tabs. The link in the embedded players that takes you to bandcamp opens in a new tab every time. I have tried numerous solutions listed on this site, and none of them have worked. Is this possible? Obviously Bandcamp.com and my site are not the same domain. Thanks!
Are you able to edit the Bandcamp site? Every link in the Bandcamp iFrame has the target set to _blank. This tells the browser to open in a new window.
If you want the site to open in the same tab, you should use target="_top" in your links.
I want to use an iFrame to display the content of another web site (not mine) but I don't want to display other sites in that iFrame. For example, if the SRC for the iFrame is www.site.com then if a visitor clicks a link in that site that opens to another website, I want to prevent it and perhaps display a blank page or redirect back to the specified site.
The site hosting the iFrame uses Apache/PHP on a VPS.
I need to be able to restrict the iFrame content to what was originally specified. If this cannot be done using iFrame what else could work?
There is a similar post that does not work this way... only works on the content page and does nothing to prevent the host iFrame from controlling the content domain.
I have a website which is hosted via my providers webhosting.
I have bought another domainname and forwarded my current website to it.
The technique it uses is cloacking, so my old website is a frame in my new domain.
Everything works perfectly but when I click a hyperlink that goes outside the website (e.g. facebook page), the page won't show.
I have the following error in my Google Chrome console:
Refused to display Hyperlink in a frame because it set X-Frame-Options to DENY.
Any link, tutorial help will be appreciated.
The X-Frame-Options is submitted by pages if they don't want to be displayed in frame or iframe (see mdn: The X-Frame-Options response header)
The message tells you that Facebook tells the browser, that it does not want to be displayed in a frame. To solve this problem you need to set the target attribute for these links to _top or _parent. But be award that the user could prevent these options by browser extensions.
If you plan to use the second domain instead of the first one you should think over doing a 301 redirect. What you should avoid is to find a solution that displays the same content (without iframe) on both domains, because of double content.
I want to have two facebook pages open at the same time as part of my html page.
So when you go to mypage.html, there will be displayed two facebook pages. Is this possible?
I get something like:
with code like:
<frameset cols="25%,75%">
or
<iframe height="*" src="http://www.facebook.com/photo.php?fbid=10150277739848763&set=pu.105012493762&type=1&theater" width="100%">
<p>Your browser does not support iframes.</p> </iframe>
I work on Facebook's security team and actually helped write the code that causes this. We do this (a form of frame busting) to prevent clickjacking attacks where an attacker can put Facebook in an iframe, hide it, and trick the user into clicking in the facebook frame and taking some action (e.g. posting a malicious link to their profile, etc).
While Jason's answer is going in the right direction, it's not true that browsers will give you access to the DOM of a page you insert in an iframe in your page. The Same Origin Policy dictates that javascript on one domain cannot access anything on a page on a different domain.
Facebook prevents you from linking directly to the actual site via IFRAME (or any frame). This is because any site putting Facebook in an IFRAME(or any frame) could use Javascript to access elements of the facebook page, including username and password fields.
There is no way around this. It is built in to the browsers themselves to send some information along in the request header that says it is being requested to be put in frame.
Gmail and several other sites do this as well.
There are specific situations where overriding the "x-frame-options" security policy is useful, such as in digital signage where it is desirable to show an organization's facebook page in a iframe alongside other signage iframes.
Clickjacking and phishing will not occur because the organization is displaying its own facebook page on its own browser-driven display devices.
If the browser doesn't provide an internal x-frame override on its "about:flags" page, you may need to install a browser extension to override x-frame-options on the signage device.