I want to display this webpage in my application.
But i got this error Refused to display https://onlineadmission.ignou.ac.in/onlinerr/StudentReRegistrationForm.aspx in a frame because it set X-Frame-Options to sameorigin.
Please help me out how to display that page in my application.
<iframe name="form-target" width="100%" height="100%" src="https://onlineadmission.ignou.ac.in/onlinerr/StudentReRegistrationForm.aspx" frameborder="0" allowfullscreen="" srcolling="no" target='_top'></iframe>
Well, if that would work the way you want, then The clickjacking attack would be possible too.Thats why we have security for.
There is an interesting article about this: iframe-loading
You can check Clickjacking for more informations.
Or here for those, who wants to know, how to prevent clickjacking attack.
Related
Current activity frame is id='1'
<iframe src="" frameborder="0",id='1'>
<iframe src="" frameborder="0",id='2'>
<div id="pwd">ddd</div>
</iframe>
</iframe>
The thing I'm trying to do here is I want to select first iframe inside second iframe, I this is the code I started with, which is not working!
$($x("//div[#id='2']"), window.frames[1])
Couldn't find the right answer, it would be great if anyone directs me to the answer or just hint me what should I do to fix it.
Thank you.
Most browsers will prevent crossing the IFrame boundary in the way you described, as it's considered a security issue. The only exception, as #Teemu mentioned, is when the frames are served from exactly the same domain, port etc. - in which case the browser will relax the restrictions
I have an issue about embedded canvas is that I don't want
to use double click feature on it.
While API given by Sketchfab doesn't offer such functionality, is there a way to block event getting there in the first place ?
UPDATE:
I am embedding model from Sketchfab.
Here's the embed:
<div class="sketchfab-embed-wrapper"><iframe width="640" height="480" src="https://sketchfab.com/models/9eb60eebc20e45c4b586e1a6fe6c5983/embed" frameborder="0" allowvr allowfullscreen mozallowfullscreen="true" webkitallowfullscreen="true" onmousewheel=""></iframe>
...
Since you stated that you are using Sketchfab (which is embedded with an iframe) this is not possible due to XSS protection. No major browser will allow you to access embedded cross site content.
Take a look at this link for more information about cross-frame scripting and security.
can you check this? Remove Event
$('canvas').off('dblclick');
https://jsfiddle.net/gtbypwLb/
I have the following iframe:
<iframe src="https://www.weddingwire.com/morgancamille" style="border:0px #FFFFFF none;" name="weddingwirersvp" scrolling="no" frameborder="0" marginheight="0px" marginwidth="0px" height="600px" width="600px"></iframe>
... and it would appear that the website who's form I would like to display elsewhere has some iframe-specific parameters to deter people from displaying the form on other sites. Any ideas on how to get around this?
Changing the document to that particular iframe may help. Otherwise, you are running up against the intended purpose of iframes. You say you want to display elsewhere, but the purpose of an iframe is to prevent it from being displayed elsewhere.
jQuery/JavaScript: accessing contents of an iframe May be helpful here.
I created a slideshow for a website and users can put videos from vimeo or youtube in it. It works just fine. Due to some limitations with current browsers I have the thumbnail of the video showing in the slideshow, and clicking the picture opens a lightbox with the actual video. I copied the iframe code from both the youtube and vimeo websites exactly as they have it, but my console is showing errors for every iframe on the page. This is an example iframe element on my page:
<iframe
class="hide_me"
src="http://player.vimeo.com/video/7339803"
width="100%"
height="100%"
frameborder="0"
webkitallowfullscreen=""
mozallowfullscreen=""
allowfullscreen="">
</iframe>
And this is the error I'm getting in my console:
Blocked a frame with origin "http://player.vimeo.com" from accessing a frame with origin "http://my-machine-name". Protocols, domains, and ports must match.
Am I doing something wrong?
Pages can prevent themselves being loaded inside iframes on third party sites (same origin policy).
The whole rundown can be found here: https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy
Pages that allow embedding in general often have a specific URL without these restrictions, but even YouTube has added them to their current embed URL recently with the old /embed/ scheme still working. Maybe Vimeo also has a working alternative?
I embedded a web page in an iFrame like this:
<iframe id="frame" src="http://www.domain.com" width="100%" frameborder="0" marginheight="0" marginwidth="0"></iframe>
Edit: The problem i am having is that the web page javascript is using the top property to find objects but now it is embedded in the iframe, is there a way to over ride this?
If I understand you right, you want to send data from the iFrame to the parent? If so, the error happens because Cross Site Communication is usually blocked to avoid XSS attacks. But you can keep your iframe, and use JavaScript and the window.postMessage(); function to share data.
https://developer.mozilla.org/en/DOM/window.postMessage