I have an issue trying to embedded https site in an iframe.
I keep seeing it as this in my Chrome.
But if I visit the site first, click on Advanced
Then, click proceed
then, I can see the site in the iFrame.
How do I force embedded HTTPS site in iframe without having to go through those steps?
Is there any workaround or is it not even possible?
You don't post the URL, but there is a reference in the error page to 192.237.179.29.
This makes me think that the actual problem here may actually be that the iFrame is referenced by IP address instead of by hostname.
It is very uncommon to have SSL certificates that correctly map to an IP address. And by uncommon I mean that I don't even know if it is possible to register a certificate for an IP address.
If you know the proper hostname of the website that you are trying to reach, try to use that. Or tell the site owner to reference that iframe by hostname instead.
Related
I have a URL and I need the content inside this URL. Actually, I wish to embed the content present inside this URL. What all are the possible ways to do this without any cors issues??
I have already tried using iframes and other tricks to avoid cors issues. But still, I am not able to embed many websites in an iframe. My main aim is not to embed a website in an iframe but to embed the content inside the website URL.
I will be more than happy if there is an API which returns me back the content in a URL website.
If there is not, then how can I create such an API?? And how do I get it hosted??
As a solution to this, I created a flask app which will return me the whole website so that I can embed it in my iframe. But then it is like a proxy server and I cannot host it on Heroku because Heroku does not allow public proxy server.
Please note embedded the whole site or just the content is of similar use to me. It is just that when embedding the site, it will be interactive and in the other case, it will not. I am good with both, embedding just the content or the whole website.
Now, I am thinking to make a web crawler which will crawl the web, cache websites and store them in a database. I am thinking to host this on firebase. I have no idea about the capabilities of the firebase. I just know that it provides us with a NoSQL database and some cloud functions.
The cloud functions part interests me.
I don't know if the following is correct/feasible.
I will send the URL(whose content I need) to firebase. It will then fetch the whole website and store it in the database(so, that next time I request the same URL, it does not need to recache the whole site again) and then return me this cached content.
If there is other better way to do this, please let me know.
I need the content for my chrome extension https://github.com/Shaikh-Ubaid/InSyd
For code, please refer to this GitHub repo.
To get an idea of why I want to get content/embed content, I am attaching a gif showing the working of the extension.
<img src="https://raw.githubusercontent.com/Shaikh-Ubaid/InSyd/master/Popup-demo.gif" alt="gif" />
I have a flash game from another website iframed on my site.
I want to prevent users for leaving my site when clicking a banner inside the flash game that redirect to another website.
I tried the sanbox thing but didnt work.
is this possible since the iframed content is a flash game?
Since the iframe is cross domain there isn't really anything you can do unless you have access to that server. Check out CORS(Cross Origin Resource Sharing), but I think even that will only get you as far as XHR requests go. It still wouldn't allow your scripts to access the contents of the iframe unless it is hosted on the same domain.
I've made a small gwt app and released it, but today I found a serious problem. I was aware of the same origin policy issue so I've put my gwt app and rest json app on the same server. But apparently browsers doesn't regard http://www.xyz.com and http://xyz.com as the same source so when a user lands on a www.xyz.com he can't get data from http://xyz.com.
This is the message:
XMLHttpRequest cannot load http://xyz.com/backend/...
Origin http://www.xyz.com is not allowed by Access-Control-Allow-Origin.
What is the best way to deal with this? I've googled and first found .htaccess solution which doesn't work for tomcat. I ended up using a empty landing page index.html with only redirect to url without www in it. It's not the best solution because someone can still type in url with www which is not going to index page so it wont get redirected.
Any help will be appreciated.
You shouldn't use absolute URLs in your app unless absolutely necessary.
I.e. you should have "http://example.com" in your code if the app can be loaded from http://www.example.com.
For instance, if you want to load some data from, e.g. http://example.com/abc/def, then put "/abc/def" in your code, not "http://example.com/abc/def". That way, the browser will resolve the URL to either http://www.example.com/abc/def if the app has been loaded from http://www.example.com, or to http://example.com/abc/def if it's been loaded from http://example.com. And you never risk to hit the Same-Origin Policy.
You should only host a website under a single sub/domain. All traffic to http://www.example.com should be redirected to http://example.com or vice versa.
I need to display another website in an iframe. I don't need to access anything on this website I'll be displaying. Is this in violation of the cross domain policy? If so, would a proxy bypass this?
I tried a simply iframe with its src set to http://google.com as a test, and it looks like this does violate this policy. How can I bypass this if I don't need to access anything on the displayed webpage.
No, you can access any site through an iFrame.
What is against the policy is trying to manipulate the site in any way and modern browsers won't let you manipulate it anyways.
Google does allow you to get their site through an iFrame, however, they're using code to "break out of frames", so instead of viewing their site through an iFrame, you'll just be redirected to google.com
Ah, I see now that its only the test page I used, google, that forbids this. Other sites are OK.
On my JSF page I am trying to show some other website in an iframe and show its URL. I understand now that for security reasons I can only access the URL of the iframe if it is showing some site of my domain. So, I've found that problem a lot of times in the internet, but I couldn't find any solution. I don't want to read the content of the iframe, but only the URL.
Is there any solution for this requirement? Using an alternative to iframes? Frameset, browser in browser? Popup?
If you want to stick to the iframe option, I would test to see if the innerhtml of the iframe matches that of the website they are meant to reach. The innerhtml in webkit does seem to change as the user browses.
The only alternative I can think of is http proxying the web sites, changing the links to refer to your proxy, then telling them they win when the requested proxy URL matches that of the destination.