Overcoming “Display forbidden by X-Frame-Options”

Posted 2018-12-31 01:42

I'm writing a tiny webpage whose purpose is to frame a few other pages, simply to consolidate them into a single browser window for ease of viewing. A few of the pages I'm trying to frame forbid being framed and throw a "Refused to display document because display forbidden by X-Frame-Options." error in Chrome. I understand that this is a security limitation (for good reason), and don't have access to change it.

Is there any alternative framing or non-framing method to display pages within a single window that won't get tripped up by the X-Frame-Options header?

25 answers
明月照影归
#2 · 2018-12-31 01:58

If you are getting this error while trying to embed a Google Map in an iframe, you need to add &output=embed to the source link.

泪湿衣
#3 · 2018-12-31 02:00

It's surprising that no one here has ever mentioned Apache server's settings (*.conf files) or .htaccess file itself as being a cause of this error. Search through your .htaccess or Apache configuration files, making sure that you don't have the following set to DENY:

Header always set X-Frame-Options DENY

Changing it to SAMEORIGIN makes things work as expected:

Header always set X-Frame-Options SAMEORIGIN

情到深处是孤独
#4 · 2018-12-31 02:04

If you are getting this error for a YouTube video, rather than using the full URL, use the embed URL from the share options. It will look like http://www.youtube.com/embed/eCfDxZxTBW4

You may also replace watch?v= with embed/ so http://www.youtube.com/watch?v=eCfDxZxTBW4 becomes http://www.youtube.com/embed/eCfDxZxTBW4

只靠听说
#5 · 2018-12-31 02:04

There is a plugin for Chrome that drops that header entry (for personal use only):

https://chrome.google.com/webstore/detail/ignore-x-frame-headers/gleekbfjekiniecknbkamfmkohkpodhe/reviews

不再属于我。
#6 · 2018-12-31 02:04

I'm not sure how relevant it is, but I built a work-around to this. On my site, I wanted to display a link in a modal window that contained an iframe which loads the URL.

What I did is, I linked the click event of the link to this JavaScript function. All this does is make a request to a PHP file that checks the URL headers for X-Frame-Options before deciding whether to load the URL within the modal window or to redirect.

Here's the function:

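function opentheater(link, title) {
    // Ask the server-side helper whether the target sends X-Frame-Options.
    $.get("url_origin_helper.php?url=" + encodeURIComponent(link), function (data) {
        if (data == "ya") {
            // Build the heading with .text() so title and link are never parsed as HTML.
            var heading = $("<h3>").css("color", "#480060").text(title + "\u00a0\u00a0\u00a0");
            heading.append($("<small>").text(link));
            $(".modal-title").empty().append(heading);
            $("#linkcontent").attr("src", link);
            $("#myModal").modal("show");
        } else {
            // Framing is forbidden (or the check failed): navigate to the page instead.
            window.location.href = link;
            //alert(data);
        }
    });
}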

Here's the PHP file code that checks for it:

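<?php
// $_REQUEST values are already URL-decoded by PHP, so no second decode is needed.
$url = (isset($_REQUEST['url']) && is_string($_REQUEST['url'])) ? $_REQUEST['url'] : '';
// Only probe http(s) URLs; get_headers() returns false when the request fails.
$header = preg_match('#^https?://#i', $url) ? get_headers($url, 1) : false;
// Header names are case-insensitive, so normalise the keys before the lookup.
if ($header === false || array_key_exists("x-frame-options", array_change_key_case($header, CASE_LOWER))) {
    echo "nein";
}
else {
    echo "ya";
}
?>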

Hope this helps.

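An added example, not part of any answer on this page: the header check from the answer above, extended to the rules a browser applies. It goes beyond the page by also evaluating the Content-Security-Policy `frame-ancestors` directive, which takes precedence over X-Frame-Options when both are sent. The function names and the `.example` hosts are assumptions made for illustration.

```javascript
// Added example: may a page on `parentOrigin` frame `targetUrl`, judging by the
// target's response headers? Assumes one parent frame, no port wildcards or paths.
function sourceMatches(src, parent, target) {
  const s = src.toLowerCase();
  if (s === "*") return true;
  if (s === "'none'") return false;
  if (s === "'self'") return parent.origin === target.origin;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return parent.protocol === s; // scheme-source
  const wildcard = s.includes("*.");
  let u;
  try { // a scheme-less host-source is assumed to use the target's scheme
    u = new URL((s.includes("://") ? s : target.protocol + "//" + s).replace("*.", ""));
  } catch (e) { return false; }
  const hostOk = wildcard ? parent.hostname.endsWith("." + u.hostname)
                          : parent.hostname === u.hostname;
  return hostOk && parent.protocol === u.protocol && parent.port === u.port;
}

function framingAllowed(headers, targetUrl, parentOrigin) {
  const h = {}; // header names are case-insensitive
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const target = new URL(targetUrl), parent = new URL(parentOrigin);
  // Each comma-separated CSP policy that has frame-ancestors must admit the parent.
  const lists = (h["content-security-policy"] || "").split(",")
    .map(p => p.split(";").map(d => d.trim().split(/\s+/))
               .find(d => d[0].toLowerCase() === "frame-ancestors"))
    .filter(Boolean);
  if (lists.length) { // frame-ancestors overrides X-Frame-Options when both are sent
    const ok = lists.every(d => d.slice(1).some(s => sourceMatches(s, parent, target)));
    return { allowed: ok, rule: "CSP frame-ancestors" };
  }
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return { allowed: false, rule: "X-Frame-Options: DENY" };
  if (xfo === "SAMEORIGIN")
    return { allowed: parent.origin === target.origin, rule: "X-Frame-Options: SAMEORIGIN" };
  // ALLOW-FROM is obsolete and ignored by current browsers, as is any invalid value.
  return { allowed: true, rule: xfo ? "X-Frame-Options value ignored" : "no framing header" };
}

// Constructed sample headers (not captured from real sites).
const portal = "https://portal.example";
console.log(framingAllowed({ "x-frame-options": "deny" }, "https://a.example/", portal));
console.log(framingAllowed({ "Content-Security-Policy":
  "default-src 'self'; frame-ancestors https://*.example" }, "https://b.example/", portal));
```

A server-side probe like this only predicts what the browser will do; the browser still enforces the headers itself when the frame loads.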
与风俱净
#7 · 2018-12-31 02:04

Not mentioned but can help in some instances:

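// Assumes `iframe` is the target <iframe> element and `url` is readable by XHR
// (same-origin or CORS-enabled); neither is defined in this snippet.
var xhr = new XMLHttpRequest();
xhr.onreadystatechange = function() {
    if (xhr.readyState !== 4) return;
    if (xhr.status === 200) {
        // The markup is written into the frame's own document, so it runs in
        // this page's origin rather than the origin it was fetched from.
        var doc = iframe.contentWindow.document;
        doc.open();
        doc.write(xhr.responseText);
        doc.close();
    }
};
xhr.open('GET', url, true);
xhr.send(null);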