I am using the following simple iFrame code to load Yahoo but it's not loading anyway. in Chrome Inspector I see the URL status as 301 first and then cancel. Any idea why is it happening?
<iframe name="iframe1" src="http://yahoo.com"></iframe>
I am using the following simple iFrame code to load Yahoo but it's not loading anyway. in Chrome Inspector I see the URL status as 301 first and then cancel. Any idea why is it happening?
<iframe name="iframe1" src="http://yahoo.com"></iframe>
You probably get an error message in the log that reads something like this:
"Refused to display document because display forbidden by X-Frame-Options."
To answer your question:
Yahoo is doing this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.
For more info read this: https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header
Its also very easy to ask site not to load if you are in an iframe with simple javascript. For example, twitter does this
<script type="text/javascript">
//<![CDATA[
if (window.top !== window.self) {
document.write = "";
window.top.location = window.self.location;
setTimeout(function () {
document.body.innerHTML = '';
}, 1);
window.self.onload = function (evt) {
document.body.innerHTML = '';
};
}
//]]>
</script>
I did not see a console error here and so I guess this is the case here.
The Yahoo! JavaScript is obfuscated but you can see they are definitely removing something at this snippet. (Code taken from yahoo website)
if(self!==self.top){b=function(){if(g.readyState=="complete"){f.remove(g,e,b);
actually yahoo , google and such website doesn't allow iframes to their site. They blocks iframes to show their website
If the site hosting the webpage forces the use of a secure HTTPS
connection, some browsers (chrome for sure) will require that all network resources use HTTPS
as well.
The URL in your current iframe is using HTTP src="http://yahoo.com"
Try using HTTPS: src="https://yahoo.com"