So I have this code:
<iframe id="theFrame" src="http://localhost" style="width:100%;" frameborder="0">
</iframe>
and the localhost site loaded in the iframe just fine..
but then when I change the src to an external website
<iframe id="theFrame" src="http://www.youtube.com" style="width:100%;" frameborder="0">
</iframe>
The website did not load.
What did I do wrong? I know that you can use external websites in an iframe since Google Image Search does so...
How can I get external sites to work in my iframe?
The reason why external websites such as:
youtube.com
google.com
stackoverflow.com
etc.
are not loading in your frame, is because they are intentionally leveraging some sort of Frame Killer.
Example (uses jQuery):
<style> html{display:none;} </style>
<script type="text/javascript">
$(document).ready(function () {
if(window.self == window.top) {
document.documentElement.style.display = 'block'; }
else {
window.top.location = window.self.location; }
});
</script>
Suggested reading:
Framekiller (Wikipedia)
Busting a tough FRAME killer
If you run the code snippet below:
<iframe src="https://www.youtube.com"></iframe>
Then look at dev tools, it will throw the error:
Refused to display 'https://www.youtube.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
This is because the site you are trying to access limits embedding (via iframe, frame, embed, object) to the same origin using the X-Frame-Options header. So youtube.com can load iframes with youtube.com pages just fine, but nobody else can. Only site admins for the embedded site can change that setting.
If you have admin for the site you are embedding, you can whitelist the the host site:
X-Frame-Options: allow-from https://my-host-site.com/
This has to be sent as a HTTP Header by the server of the page you are trying to embed. It will not work as a meta tag inside the HTML head. This is how the browser knows the site you are embedding ok'd the site that is hosting to show the page in the iframe.
You are probably experiencing the same issues I am having, Most likely the iframe is being blocked by the X-frame-options or being blocked by the Deny property. For example if you access facebook from an outside source it will come back with a DENY response in google chrome
It appears to be a youtube-only problem; src="http://www.mozilla.org" works for me in your code. If you want to display youtube videos in iframes, they'll probably want you to use "embed" option on the video page?
Related
I'm trying to embed photospheres into Squarespace.
Google Maps works fine, but doesn't suit my needs and looks as follows:
<iframe src="https://www.google.com/maps/embed?pb=!1m0!3m2!1sen!2sus!4v1471028758208!6m8!1m7!1sF%3A-hjcchX5MD5g%2FV03OAcggYUI%2FAAAAAAAAKeM%2FXwIrucnK4IQkwWbhxu9BrvOATMYZaMmKgCLIB!2m2!1d37.870246!2d-119.360704!3f125.91384035181916!4f6.045852307800146!5f0.7820865974627469" width="100%" height="800" frameborder="0" style="border:0" allowfullscreen></iframe>
Instead, I want to embed via sphereshere.net Their embed looks as follows but DOESN'T work.
<iframe src="http://sphereshare.net/#!/e/c467ba7af9753ee287cd44550493e966" height="320" width="620" frameborder="0"></iframe>
What do we think is the problem?
Usually, in cases like this, the problem is the use of the http protocol in an iframe while you're still logged into Squarespace via https. You should try to view the page while not logged in, being sure you're viewing the page via http and not https. If you provide a link to the page, I'm happy to take a look as well.
The reason for this has to do with browser security. Loading a resource over http while viewing the parent website over https is a potential security risk, so browsers do not allow it. Google maps supports loading over https (and you can see the link you're using for Google Maps uses https). Whereas sphereshare.net does not support https, so you're using http. When logged into Squarepace, you're loading the website over https but the sphereshare iframe over http, so browsers do not allow it.
In the future, hopefully you'll be able to use https with sphereshare, then it would work in either case. Until then, you'll have to log out and set your protocol to http in order to view iframes loaded over http.
I want to embed a YouTube video link in my web page with something like url://youtu.be. It's not appearing when I embed that in my web page. The below code, however, is working well (url://youtube without the dot).
<iframe width="420" height="315" src="https://www.youtube.com/embed/4pXUcxWLA7g" frameborder="0" allowfullscreen></iframe>
Why does using a "youtu.be" link not embed properly?
Because youtu.be is a URL shortening service. So when you go to a you.be URL, all it does is Redirect you to the full URL for a video.
Edit, actually that's not the complete end of the story. What happens when you do that is yes, it redirects you, but then the browser gives an error:
"Refused to display (video url) in a frame because it set
'X-Frame-Options' to 'SAMEORIGIN'."
So, this could work with redirection, but it doesn't because youtube sends down this response
header: x-frame-options:SAMEORIGIN
And so the browser refuses to display it because it's not the same origin (that is, it's not being served from the same domain). Why does youtube do this? That I don't know. But, basically, it appears you MUST you the youtube.com/embed style URL for iframe. If you have URLs in the youtu.be format (maybe in your database or something), then you will need to hit the youtu.be link and then see where it wants to redirect you to, and then use THAT link for your iframe.
This is my current website: http://acrossuhubsubmissions.tumblr.com/ .
As you see, I'm using iFrames to embed part of the Dropbox onto my tumblr website. The Dropbox page is a public sharing page. The html code that I'm using to display the Dropbox:
<left>
<iframe src ="https://www.dropbox.com/sh/d9ulw65twvxrrhi/AACHsXLlXUSan4Zx4hGC8BDja?lst" width="777px" height="777px" scrolling="yes" >
<p>Your browser does not support iframes.</p>
</iframe></left>
I used the exact same code for the Google speadsheet webpage, and that seemed to show up. Does anyone know why the Dropbox webpage isn't showing up on my tumblr page?
I was able to embed a Dropbox video like this;
First, create a share link to the video, then modify the link by changing the ?dl=0 at the end to ?raw=1 and then using this code...
<iframe width="800" height="450"
src="https://www.dropbox.com/s/nwg6px2i8si18w9/Oh%20Deer%21.mp4?raw=1
&autoplay=1" frameborder="0" allowfullscreen></iframe>
NOT recommended for high bandwidth uses, as you might be banned from Dropbox (read this https://www.dropbox.com/help/security/banned-links.)
It is not possible to display that dropbox link in an iFrame not originating from outside the dropbox.com domain. The reason why is because they include the following header in their response:
X-Frame-Options SAMEORIGIN
see https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options for more information on this header. Browser supporting this flag will not load the content in an iframe.
See the documentation on dropbox how to user their api to embed content:
https://www.dropbox.com/developers/dropins
Better use OneDrive, it gives you embed link. [I know it's an old question but it might be helpful if you didn't knew it already]
You can use the "public link".
Copy the file into the dropbox public folder and now you can use the public link to embed in a frame.
I am trying to pull a webpage into an iframe on another webpage but it just keeps giving me a blank box. Any idea why this is not working?
My page: (https://www.skmgroupwork.com/facebook/identifix/fix/)
iframe code:
<iframe src="https://www.identifix.com/FOTW/FixFrame.aspx" width="700" height="600" scrolling="no" id="inneriframe" frameborder="0"></iframe>
www.identifix.com blocks external domains using their site in an iframe.
You can see here that they have set X-Frame-Options: SAMEORIGIN which blocks all external domains iframing their site.
Read more about X-Frame-Options header here.
maybe the problem is in the domain of the webpage you want load, proib with other page for exclude problems, some domains of webpage block of call for iframes !!
I'm trying to get Iframes to work. I'm running safari, so it is compatible, but when I test it, it comes up blank.
Code:
<iframe src="http://www.google.com" width="100%" height="300">
<p>Your browser does not support iframes.</p>
</iframe>
I took the code directly from the w3schools website after using the "try it out" editor so I know it's supposed to work. When I changed the page from a page in their subdirectory to an external page, it shows up blank.
The syntax is correct. It's not your fault - Google is blocking iframing using the X-Frame-Options header that newer browsers listen to.
Possible workarounds are explained in this Google forum post.
Follow the instruction in the following Google Developer Site under "IFrame embeds using the IFrame Player API" bullet:
https://developers.google.com/youtube/player_parameters
This uses API's JavaScript code to view youtube videos.
Here's the link with a more general instruction
https://developers.google.com/youtube/iframe_api_reference#Loading_a_Video_Player