does not permit cross-origin framing iframe

2019-04-26 08:22发布

Hi I 2 have iframes in my page in the one is working fine and another one is not working giving error as does not permit cross-origin framing. Example code is bellow:

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org   /TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<script type="text/javascript" src="../script/jquery.js"></script>
<title>Cancellation Policy</title>
</head>
<body>

<span>Some text goes here.</span>
<br /><br />
<iframe src="http://www.w3schools.com/"></iframe>
<iframe src="https://www.google.co.in/?gws_rd=cr&ei=-bmBUo24M6npiAeepICYAg"></iframe>

</body>
</html>

Any help is greatly helpful.

标签: jsp iframe
2条回答
干净又极端
2楼-- · 2019-04-26 08:51

I think you can't open a secured website in iframe. i.e. those websites that starts with https:// can not be opened in iframe. You can open w3school.com in an iframe but not https://twitter.com or https://facebook.com or https://google.com, etc.

I got below error while trying to open google.co.in in an iframe:

Load denied by X-Frame-Options: https://www.google.co.in/ does not permit cross-origin framing.
查看更多
beautiful°
3楼-- · 2019-04-26 08:55

Hey I found the solution to the problem. The problem is because the domains restricted to get access by other domains as they can hack the information here is the link which explains about the cross domain policy.

And we can over come from this problem by getting html Content and displaying that in our domain instead of accessing the other domain directly. And here is the link which explains about that.

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org   /TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<script src="http://code.jquery.com/jquery-1.2.3.min.js"></script>
<title>Cancellation Policy</title>
</head>
<body>

<span>Some text goes here.</span>
<br /><br />
<iframe src="http://www.w3schools.com/"></iframe>
<iframe src="https://www.google.co.in/?gws_rd=cr&ei=-bmBUo24M6npiAeepICYAg"></iframe>

<script>
        var url = 'https://www.google.co.in/?gws_rd=cr&ei=-bmBUo24M6npiAeepICYAg';
        $.getJSON('http://whateverorigin.org/get?url=' + encodeURIComponent(url) + '&callback=?', function(data){
            var html = ""+data.contents;

            /* Replace relative links to absolute ones */
            html = html.replace(new RegExp('(href|src)="/', 'g'),  '$1="'+url+'/');

            $("#siteLoader").html(html);
        });
    </script>
    <div id="siteLoader">
        <i>Loading&hellip;</i>
    </div>
</body>
</html>
查看更多
登录 后发表回答