Weird IFRAME issue, page blocks itself from loading - html

This is a weird one. I'm using the URL "http://www.craigslist.org/about/" as an example here.
I load up that page in my browser and modify it with Firebug. I add the following line right after the body tag:
<iframe src="http://www.craigslist.org/about/" id="frame1" name="frame1" width="100%;" height="200"></iframe>
The IFRAME shows as blank! Now when I load https instead of http in the IFRAME it works. At first I thought maybe craigslist doesn't allow itself to be embedded in an IFRAME at all. Then I tried embedding that same IFRAME code on my website and the frame loads as expected.
It's as if they are blocking you from loading the same page within itself!? Anyone ever seen this behavior before?
UPDATE:
This problem appears to be related to my browser. (Firefox 21) When I try to load any IFRAME that has the same exact URL as the parent frame it fails??

Related

How to make iFrame behave exactly as if one were accessing the source site directly?

I am working on a site for a Client and they want to display the following URL in an iFrame:
https://www.vigrxplus.com/ct/3134
If you access that site directly, it will show the Promo code on the source website.
However, if you access that site via an iFrame, it will not show the Promo code on the source website:
https://jsfiddle.net/qc3zvo0b/
<iframe width="100%" height="1000" src="https://www.vigrxplus.com/ct/3134"></iframe>
(Make sure to test the iFrame without prior Cookies from having previously visited the source website directly.)
Attempting to enable all sandbox features for iFrame did not fix this.
The source site also seems to do some kind of redirect.
So how can this be fixed such that the iFrame behaves just like visiting the site directly?

iframe blocked as insecure content, even though the iframe is HTTPS

I am trying to embed an iframe (containing shellinabox, if that's relevant) onto an HTTPS webpage. The HTML I'm using to embed the iframe is pretty straightforward:
<div class="jumbotron" style="min-height: 400px;">
<iframe src="https://example.com/shellinabox" style="border:none; min-height: 400px;" width="100%"></iframe>
</div>
However, Chrome blocks the iframe from loading because it is "insecure content," and I have to manually unblock it for it to work. The Chrome console reports an error like this:
Mixed Content: The page at 'https://example.com/mainpage/' was loaded over HTTPS, but requested an insecure resource 'http://example.com/shellinabox/'. This request has been blocked; the content must be served over HTTPS.
I am confused by this because clearly my HTML code is embedding the HTTPS version of example.com/shellinabox. Moreover, when I visit https://example.com/shellinabox directly, the lock icon is green, nothing is blocked, and there are no indications of any SSL problems on that page.
I also tested this in Firefox, IE, and MS edge, and they all have the same behavior (so it's not a Chrome-specific issue). What gives?
This is an old question but I encountered the same issue. My use case is slighty different to yours, but hopefully this helps.
For me, my route on my python flask server ended with the "/" character. In my iframe, I was calling the route without the slash at the end of the src and was seeing the same error. Adding a slash to the src in the iframe did the trick for me.
<iframe src="https://example.com/shellinabox/" style="border:none; min-height: 400px;" width="100%"></iframe>
I'm not exactly sure why the missing slash on the end the src attribute would cause this error. If anyone can explain why, I'll gladly update my answer.
your code is loading the page over https but that page is then probably trying to load additional scripts or assets over http. or it may have scripts in the page that are making ajax requests over http. youll have to examine the page and look in the developer console to see exactly what the insecure requests are. it's probably not an issue with how you are creating the iframe element.

Iframe isn't displayed in IE on some URLs

I have simple html code:
<iframe src="http://public.bullhornstaffing.com" width="500" height="700"></iframe>
<iframe src="http://public.bullhornstaffing.com/JobBoard/Standard/default.cfm?privateLabelID=9076" width="500" height="700"></iframe>
The first iframe displayed excellent in all browsers, but second iframe isn't displayed in IE instead of the page I see the text "Site Not Found. The site your are trying to find does not exist."
But when I try to open iframe url in the browser directly - everything works as it is necessary.
There is method to correct it?
The URL of the second iframe gets redirected to http://public.bullhornstaffing.com/JobBoard/Standard/BHContent_JobOpportunities.cfm and for some reason, the server responds to it differently when accessed on IE via iframe (or otherwise as embedded). What you get is technically a normal server response, just with special content.
It is at the discretion of server admin to do such things, e.g. in an attempt at preventing framing, though this behavior might be unintentional. Contact the server admin.

What would cause an iframe to keep loading its parent page?

So this is quite the odd situation.... I have an iframe on a .cshtml page that is continuously loading the full content of the page that the iframe is on. This is the code for the iframe:
<iframe src="#Url.Content("~/dir/file.html")" width="100%" height="100%" scrolling="yes" />
The directory for the file is correct and the file.html file displays correctly without error when it is opened by itself. Also, I have tried using a different test.html file in place of file.html so the error cannot be within that file. Removing the iframe tag obviously stops this issue from occurring.
The other really interesting part about this issue is that I have a working version of the application that this .cshtml file belongs to and I have compared the corresponding .cshtml files and they are identical so I am really bewildered by this. Has anybody ever experienced a situation like this? The iframe literally just keeps reloading the .cshtml file within the iframe until I tell the browser to stop loading so you end up with a page with an iframe, that has a page withing the iframe, that has a page within the iframe, so on and so forth.
The answer to this question lies within the authentication for the application. When the iframe would make a call to file.html it would receive a redirect back to the .cshtml page which of course had the iframe on it so you can see where the loop comes into play. The solution of course then is to change the security settings to allow it to call to file.html as it needs to be displayed there. Thanks anyway.

Why is Chrome redirecting to URL of iframe onload?

I have a div with an iframe in it, and the iframe loads a page from another site (cross-domain). When the page loads in firefox it works fine and shows the page with the iframe in the div. However in Chrome, it automatically redirects to the iframe URL when the page loads. Any idea why this is happening and if it's possible to do what I'm trying to do in Chrome?
Notes: I'm not trying to do any cross-domain communication, just want to let users access the other site from within a page on my site. This also happens in Safari, so maybe it's a webkit thing.
Sandboxed iframe may be solution to your problem. It's supported by both Safari and Chrome, and will not effect Firefox1. You can use it like so:
<iframe sandbox="allow-forms allow-same-origin allow-scripts" src="http://stackoverflow.com"></iframe>
By not adding allow-top-navigation there you are preventing an iframe to redirect the whole page.
You can read more about it on W3C.org.
1 Starting from version 17, Firefox also supports sandboxed iframe.