On my localhost, I am using the following JavaScript to create an iframe with src, and add it to the document:
$('#preview').html('<iframe src="http://google.com/"></iframe>');
The iframe shows but not the content. In firebug, it's just:
<iframe src="http://google.com/">
<html>
<head></head>
<body></body>
</html>
</iframe>
When I execute $('iframe').attr('src','http://google.com/'); on the console, the browser loads (says "Waiting for google.com..."), then seems to refresh the content of the iframe. But again, it's empty.
If I set it to a local page, though, the content is loaded.
Is this because of the same origin policy? I'm not so informed about it. I did some googling and I'm confused because some sites say that it's okay to include an iframe with src that doesn't belong to your own domain, and some say it's not possible.
By the way, since I'm still testing on localhost, would this work if I uploaded this to a server somewhere? (but src of iframe will still be in a different domain)
Help?
If you'd checked your browser's error console, you'd have seen this message:
Refused to display document because display forbidden by X-Frame-Options.
So, this isn't an error on your part, but a deliberate action on the part of Google.
The two options for the X-Frame-Options are:
deny - no rendering within a frame, andsameorigin - no rendering if origin mismatch
References:
X-Frame-Options response headers, at MDN.X-Frame-Options at Wikipedia.- Overcoming "Display forbidden by X-Frame-Options" (here on Stack Overflow).
Yes the code is forbidden because of same origin policy. Read here
Suppose you own the domain http://www.example.com then you can probably have following results, when you call pages through iframes:
Compared URL Outcome Reason
---------------------------------------------------------------------------------------------
http://www.example.com/dir/page.html Success Same protocol and host
http://www.example.com/dir2/other.html Success Same protocol and host
http://www.example.com:81/dir2/other.html Failure Same protocol and host but different port
https://www.example.com/dir2/other.html Failure Different protocol
http://en.example.com/dir2/other.html Failure Different host
http://example.com/dir2/other.html Failure Different host (exact match required)
http://v2.www.example.com/dir2/other.html Failure Different host (exact match required)
Now, you are calling google.com, which is a cross domain issue upon you. To get around such a problem, JSONP can help you out. It uses open script policy for <script>, to retrieve JSON from cross domains.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 女痞 的文章《content of dynamically created iframe is empty》','https://www.manongdao.com/article-740831.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}