X frame option Deny Alternative - javascript

I have added a setting that my project URL will never be loaded in an iframe by adding a header
response.setHeader("X-Frame-Options", "deny");
this is working fine but on the Iframe page , i just see a broken image saying refuse to connect with URL. Is it possible if i want to show some specific message with this kind of request or the URL will automatically open in a separate tab rather then the Iframe as we don't wan't customer to view this look and feel.

Related

Replace document with the iframe's document

I have a webpage that displays an iframe containing a random website. After 10 seconds I want the website within the iframe to replace the "parent" website.
Let's say my website www.aaa.com has an iframe containing the website www.bbb.com. After 10 seconds I want the browser to replace the currently open www.aaa.com with www.bbb.com without reloading the page so the user doesn't lose their state. Basically replacing the document and updating the URL bar accordingly.
I can't just get the URL of the iframe and change location as the user could for instance be watching a video and it would start again from the beginning because of the page reload.
I've been searching for this for a few hours and there is absolutely nothing that I could find.
You can set window.location = "//www.bbb.com" but it will just fetch that webpage as usual.
You can set an url in the browser using window.history.replaceState(null, "test", "www.aaa.com/mypage?foo=bar") but it will fail crossdomain (it will even fail using a subdomain on your site).
And you cannot get the contents of a cross-domain iframe.
These are all related to cross-origin security. There may be exceptions, such as when you have elevated permissions (browser plugin). Some functionality may be available using CORS and what not, but you need cooperation from the owner of the other domain.
In short, the closest to what you want is probably to set the iframe to the full width/height of the window.

How to use angular routing for directly access to content

how can i use Angular routing to access clickable content ( appears when click on a specific tab) when insert URL directly in browser?
for example I have a menu when i click on first tab some content apear and when click on another tab show something else and url was change but when I insert that url directly in the address bar, the content does not show. how can i solve this problem ?
Are you getting a 404 when putting the url directly in the browser address bar?
If so, it sounds like you need to configure your web server to route all requests to the page AngularJS loads from. AngularJS routing will then take over and load the content as expected.

Submit form in an iframe to a cross domain page

I wrote a chrome extension which injects a toolbar on top of sites (say amazon.com) as an iframe at the top.
When the user click on the action button on the toolbar (inside iframe), it's basically a form submit action, with action pointing to my full site (on another domain).
It's working, however only inside the iframe. I'd like the whole page to redirect to my site, rather than the iframe.
Is there anyway to do that in extension?
If you are using an iframe :
Same Origin Policy prevents you from doing this.
Unless you can hack/XSS the other site's files to inject the JS, you will have a hard time.
Now if you legitimately need to communicate with the other page, and you either have control of the other page or can setup it to communicate with your server, you can use window.postMessage, JSONP or even Ajax with CORS (latter 2 will be harder to pass dynamic content though). But I believe it is not the case.
else :
you can directly inject the js script in to the page itself by that you can handle all operations in the main page same as running something on chrome console.

Make iframe fullscreen via post message

We have an iframe that is showing one of our pages. The content of the iframe has an enableFullScreen method which as its name implies make the content go full screen.
We want to trigger this method when the user clicks on a button that is inside the page that hosts the iframe. We tried using post message but this doesn't work probably because post message is not a user initiated event. Making the iframe fullscreen ( without post message ) is not an option because the content inside the iframe needs to know if it is in fullscreen mode or not.
Thank you
(edit: The relevant question (Invoking JavaScript code in an iframe from the parent page) does not apply here because the iframe is hosting a page that is in a different domain, so we can only send messages to it rather than call methods directly. )

How can I remove an iframe within an iframe on an external web page like Pinterest's bookmarklet?

I am in the process of making a bookmarklet that allows users to highlight text on an external web page.
It runs JavaScript code that appends a JavaScript file from my server to the current web page that takes the title of the current web page, the URL of the current web page, and then the highlight text of the current web page. Finally, the user would click a button to submit the data to my web server to be saved into the database.
I have two ways of doing this: (1) have a popup with the data in the URL as parameters, or (2) to have an iframe inserted into the current web page with a form to submit the data.
In the one with the popup (1), the users browser auto blocks the popup for every domain. How do I get around this? It seems like Facebook share and twitter tweet buttons bypass the popup blocker though...
In the one with the iframe (2), I want to remove the iframe from the DOM after submitting data. However, if I'm on another domain, I get an error saying I am denied access because of origin policy something. I know it's possible because Pinterest's bookmarklet does this, it inserts an iframe then removes it from the current DOM.
I am looking for information on how these solutions work, so I can do something similar with my bookmarklet.
I resolved this by adding a post message callback after saving the data from the iframe.

Categories

Resources