When I go to this url : (warning: some Ad-blocker is recommended)
https://openload.co/embed/M4pSomdJWME/?c1_file=http://tugaflix.com/legendas/716bac991518958ad95df18200c906c3.srt&c1_label=Legenda
The web-page link loads fine, without errors.
However, when I try to load same page via iframe in my html code, an error appears:
My html code :
<html>
<head>
</head>
<body>
<iframe width="600" height="700"
src="https://openload.co/embed/M4pSomdJWME/?c1_file=http://tugaflix.com/legendas/716bac991518958ad95df18200c906c3.srt&c1_label=Legenda">
</iframe>
</body>
</html>
Below image: Error result within my iframe. How to fix such error?
If you're willing to design/code your own player interface then one loading option is to use a <video> tag instead of via <iframe> tag...
<video width="640" height="480" controls crossorigin="anonymous">
<source src="https://oload.stream/stream/M4pSomdJWME~1508775093~213.205.0.0~IzmpIUe0?mime=true" type="video/mp4">
</video>
I'm not going to tell you how to steal access any video by code, but some advice is:
1) You can see in the source code that a server 1508775191~213.205.0.0 is accessed for media files including subtitle VTT file). Study rest of source code. Consider why token is mentioned and why referrer is checked. What can you do pass and get same access?
2) By using your browser's Developer Tools (especially "network" and "console" tabs), you can find the related https://oload.stream/stream/ url for any future updates or alternate embeds.
PS:
"but, this tugaflix.com/Episodio?E=2310910&S2 website is using that iframe"
Look at source code of: http://tugaflix.com/Episodio?E=2310910&S2/
You will see that no iframe is mentioned or used... They are even using two different player interfaces so you cannot assume that tugaflix.com is loading this page https://oload.stream/embed/M4pSomdJWME within some iframe. They are instead accessing the MP4 video file from some server calledhttps://lemonade-fruit.fruithosted.net/
The target site has code that prevents it from being shown in an Iframe. Unfortunately you will not be able to use that url in an Iframe.
Related
I have a web service which will return pdf stream for a given document id and I will set the content type to application/pdf and write the out put to IFRAME upto this point I am done and OK!
My problem is :
My requirement is to disable the pdf download toolbar button in IFRAME, is there any way using JavaScript or j query to disable the PDF toolbar buttons,
i tried some thing like this:
<iframe src="view/1.pdf?page=hsn#toolbar=0" width="875" height="95%" id="iframe11">
<p>Your browser does not support iframes.</p>
</iframe>
I tried setting toolbar=0 for iframe tag but it dint work.
an anyone please tell me how to achieve this ?
I hope I am not very late to reply. But here's is something you can do to prevent the users. Use iFrame to display your PDF and make sure that you are displaying using Google. I used the following code :
<iframe src="http://docs.google.com/gview?url=http://www.tutorialspoint.com/php/php_tutorial.pdf&embedded=true" style="width:600px; height:500px;" frameborder="0">
</iframe>
Here you can simply change the url=http://www.tutorialspoint.com/php/php_tutorial.pdf and replace it by your own URL where you kept your PDF.
Use embed tag instead iframe tag:
<embed src="http://localhost/yourpdf.pdf#toolbar=0" style="width:600px; height:500px;">
I'm trying to display Facebook page in an simple HTML page which only contains an iframe.
Here's my HTML code:
<html>
<body>
<iframe src="http://www.facebook.com"></iframe>
</body>
</html>
I'm always getting this error in Google Chrome's console:
Refused to display 'http://www.facebook.com/' in a frame because it
set 'X-Frame-Options' to 'DENY'.
BTW, I'm having this problem also with these iframes:
<iframe src="https://mail.google.com/mail/mu/mp/any"></iframe>
<iframe src="http://m.facebook.com"></iframe>
<iframe src="http://m.youtube.com"></iframe>
<iframe src="http://m.dropbox.com"></iframe>
<iframe src="http://m.yahoo.com"></iframe>
<iframe src="http://www.google.com"></iframe>
<iframe src="http://mail.google.com"></iframe>
<iframe src="http://www.facebook.com"></iframe>
<iframe src="http://www.youtube.com"></iframe>
<iframe src="http://www.dropbox.com"></iframe>
<iframe src="http://www.yahoo.com"></iframe>
Meanwhile, this iframe is working well !
<iframe src="http://www.google.com/custom"></iframe>
How to solve this ?
EDIT based on comments: Is there an alternative of using iframe if this is unsolvable ? Something like browser tag in XUL ? I already tried browser tag in Firefox extension and it works well, but I'm now coding a chrome extension, so I cannot depend on XUL anymore ?
Yes, you could
use server-side includes, to fetch it from the server and include it in an iframe
use a custom browser which does not recognize that header
complicated: use websockets to create your own Javascript HTTP client, fetch the page, and insert it into the DOM
For those who are interested, this cannot be done !
If you use an iFrame element in an HTML document, the child page will load with all of the session and cookie data from the browser.
For example:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Stack Overflow in an iFrame</title>
</head>
<body>
<h1>Stack Overflow in an iFrame</h1>
<iframe src="http://stackoverflow.com" width="640" height="480" />
</body>
</html>
Ignore for a moment that SO doesn't actually allow itself to be loaded in an iFrame. If it did, the SO page loaded by the iFrame would show you as signed in.
How can I use an iFrame without any cookies or session data? (like incognito mode in Chrome)
Why?
My company sells a product (web-app) for people to build customized websites with. When they are authenticated, and they visit their website, we show them the auth'ed version of the UI so that they can edit the content. Un-auth'ed users only see the static website. Using multiple browsers or clearing cookies is not a reasonable expectation of our users so we want to show a preview of their site to them in an iFrame so they can see what their visitors would see. We also want to show "mobile" previews of the site with smaller resolution iFrames so that they may see what their visitors would see if they came to the website on a phone. These iFrame(s) need to be loaded without access to the browser's cookies or session data so that they load in un-auth'ed mode, just like Chrome does in incognito mode.
I haven't tried anything yet because I don't know where to start. I did find out that HTML5 added some sandbox attribute values to the iFrame element, but none of them seem to help with this problem. Maybe something could be done with JavaScript, we do already use jQuery in our project.
Note: We aim to only use valid HTML5
If you fully control the webstack wouldn't it be easier to add a preview parameter that treats the user as unauthenticated?
For instance:
<iframe src="http://stackoverflow.com?preview=1" width="640" height="480" />
Followed by bypassing your authorization checks if the preview flag exists.
I created a slideshow for a website and users can put videos from vimeo or youtube in it. It works just fine. Due to some limitations with current browsers I have the thumbnail of the video showing in the slideshow, and clicking the picture opens a lightbox with the actual video. I copied the iframe code from both the youtube and vimeo websites exactly as they have it, but my console is showing errors for every iframe on the page. This is an example iframe element on my page:
<iframe
class="hide_me"
src="http://player.vimeo.com/video/7339803"
width="100%"
height="100%"
frameborder="0"
webkitallowfullscreen=""
mozallowfullscreen=""
allowfullscreen="">
</iframe>
And this is the error I'm getting in my console:
Blocked a frame with origin "http://player.vimeo.com" from accessing a frame with origin "http://my-machine-name". Protocols, domains, and ports must match.
Am I doing something wrong?
Pages can prevent themselves being loaded inside iframes on third party sites (same origin policy).
The whole rundown can be found here: https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy
Pages that allow embedding in general often have a specific URL without these restrictions, but even YouTube has added them to their current embed URL recently with the old /embed/ scheme still working. Maybe Vimeo also has a working alternative?
I'm writing a firefox extension to read out the privacy settings of a facebook user. (not a facebook app!!) To switch between different websites of facebook I used iframes, but this isn't working anymore. I have this problem since 2 weeks.
$('#globalContainer').append('<iframe id="reusable_iframe" src="" width="90%"
height="400" name="reusable_iframe"></iframe>');
//....
$('#reusable_iframe').attr('src', link);
I'm follow the Same origin policy and it was working just fine since a 2 weeks!? an example:
var link = "http://www.facebook.com/editprofile.php?sk=basic";
Now I just get a blank iframe :(
the funny thing is, that if I add "http://www.youtube.com/embed/Qi_AAqi0RZM" or "http://trololololololololololo.com/" to the iframe it's working without a problem... :/
did facebook change the rules for own links in iframes? Is there a workaround? Is there an other way for me to scan different sites with firefox-extensions? i would prefer to stay with content-scripts....
Edit: This is how it looks at firebugs... also funny is that the facebook page http://www.facebook.com/undefined is working however!?
<iframe id="areusable_iframe" width="90%" height="400" name="areusable_iframe" src="http://www.facebook.com/">
<html>
<head>
</head>
<body>
</body>
</html>
</iframe>
Facebook sends the following response header to the browser:
X-Frame-Options: DENY
This cause all major browsers (even IE8 and higher) to prevent showing it inside frames.
The old way was "frame buster" using JavaScript forcing the page to open as the top window, but it's very unfriendly so it was replaced by this header in most modern websites that don't want to be displayed in frames.
Not much you can do though, sorry.
The "undefined" page is just blank content which is their 404 custom error page as it does not contain the above header, it can be displayed inside frame.
To learn more about the X-Frame-Options header see this documentation.