Is there a way to detect these website errors in iframes? I am working on a app that has a third party website that has to be embedded into an iframe (trust me I'm not happy about it.) and we have to be able to hide the iframe if these errors occur.
What is the most graceful way to handle this? I have tried a .error, but have had no success. Help would be appreciated so I can keep my brain intact and not have it explode everywhere.
No, it's not.
If iframe is coming from diferent source and doesn't allow access( X-Frame-Options ), you can't do anything about it.
read about it here same origin policy.
There are few things, however, you can do:
If those are singular clicks (people don't navigate further) you can just make request and check content and then actually open iframe.
You can add in app browser like Linkedin for example. Take a look at cordova in app that is really specific solution, different for each platform, but it removes need of iframe.
Related
Say I have set up a page with 8 frames, each frame tries to load different URLs in my LAN. If one or more of these URLs (belonging to local web servers) fail to load, I get the ugly error screen. Is there any way I can force that frame(s) to load an alternate URL if it times out or we can't catch that?
ThankS!
Your post lacks sufficient information to answer it fully.
This Answer is just resource help & knownledge. Hope you find it helpful.
If you are http://localhost/ as your main page, and the iframes are on the same host domain http://localhost/ you should be able to read the iframes & their content with javascript.
If you are lets say http://mywebsite.com/ and you are trying to access http://localhost/ you'll run into a wall, because web browsers are built to prevent you from interacting with the sub-domain or iframe bacause of Same-Origin-Policy.
https://en.wikipedia.org/wiki/Same-origin_policy
If you control http://localhost/ you can add the headers or permissions to allow Same-Origin-Policy to overrode. CORS for short. Not sure if it allows iframe access, i dont use iframe much anymore, i just use AJAX. Which for you i'd recommend looking into because it can handle ERROR PAGES exactly the way you want.
https://en.wikipedia.org/wiki/Cross-origin_resource_sharing
If you control both the HOST http://mywebsite.com/ & http://localhost/ you can put javascript on both pages & allow them to communicate with each other. But if you are getting error pages, it is unlikely you can control error page responses.
https://en.wikipedia.org/wiki/Web_Messaging
Now I know there are a lot of resources about same origin policy, but I just want a straight up answer for my specific query as I am really struggling to understand.
I am using Facebook plugins on my website, these create iframes that are only visible in the DOM when I use chromes inspect element etc.
Is there a way that I can access these iFrames properties/attributes at all, or is it a resounding "NO CHANCE!". I am spending far too much time on this and I just need to get a final verdict.
Thanks!
Javascript doesn't see the iframe content. Chrome inspector just loads 2 different websites in the same time, yours and the plugins one, so you can play with both of them.
Just curious, how would you like to change it?
In general, JavaScript cannot access iframe content from outside of the iframe, unless the page domain and the iframe domain share the same protocol and host and port. In your case, this could possibly be done using a proxy server to load the iframe content from your domain.
http://en.wikipedia.org/wiki/Same_origin_policy
In my website, there is an error occurred based on the ssl. On the main page, there is a youtube video will play, when the site load. I think the ssl error is due to this because after inspecting element, it shows the following error:
1) Unsafe JavaScript attempt to access frame with URL https://dev.myproject.info/ from frame with URL https://www.youtube.com/embed/Zr4JwPb99qU?autoplay=1. Domains, protocols and ports must match.
2) The page at https://dev.myproject.info/ displayed insecure content from http://r4---sn-ci5gup-h55e.googlevideo.com/crossdomain.xml.
3) The page at https://dev.myproject.info/ displayed insecure content from http://r4---sn-ci5gup-h55e.googlevideo.com/videoplayback?algorithm=throttle-factor&burst=40&clen=1704783&cpn=LbUqMfNNay39Ml-
I don't know what to do. Any help is much appreciated. Thanks in advance.
The first warning you can't get rid off, it always shows up if an iframe tries to access data from another iframe not hosted from the same domain. It happens with a lot of third-party content (like a LinkedIn button on your site for example) since you can't check if you have access without triggering the warning. But you can safely ignore it as it won't show up to end users.
As for the other two, as this data is loaded by the youtube iframe which you don't have control over you can't get rid of it. I think this has only started happening recently and Google/Youtube will have to fix it on their end. I guess the only solution for now is to open videos in another window (which isn't really ideal).
Hi I actually went through something similar with my JQUERY link for HTTPS/SSL.
Originally it was: "http://code.jquery.com/jquery-1.9.1.min.js"
Then I changed it to this: "//code.jquery.com/jquery-1.9.1.min.js"
So that it will register it with https or http. That should do the trick.
You can also view this article in stackoverflow: Why do I have both HTTPS and HTTP links on site, need them all secure!
Good luck!
Some websites has a script that will redirect it to the original site if you tried to put it on an iframe. So to solve this, we have add the property sandbox="allow-scripts" to the iframe tag. But this solution will not work on browser that doesn't support html5. How can we resolve this? Additionally, we still want to have the script activated on the inner pages.
Ask the owners/administrators of the site to give you an authenticated URL for the site that doesn't redirect.
If you're trying to do this without the permission of the owners/adminstrators, then please reconsider your design.
It sounds like the original post is mentioning a frame-busting script which is in place to keep the page contents from being framed, usually to combat click-jacking attacks.
If you have permission from the site you are trying to frame, aka you have a legitimate reason to be framing their site, you should work with the owners of that site to find a work around. One such method would be to have them replace their frame-busting script with an X-Frame-Options header that could list your domain as an allowed domain to frame the content.
While I'm learning about iframe i found some of the URLs cannot be loaded into iframe. While i tried to load them they replace the current page with that iframe URL page. My friend suggested me to use an iframe enforcer but he is not sure about it.
What I'm wondering is, if it is possible to enforce every url into iframe. If yes which is the best way to do so. Also if this is possible to block our site to load on any iframe. I'm so eager to learn about this.
One of the URL that is not loading is www.dinamalar.com
This is not possible, you cannot load a website into a frame if it doesn't cooperate. Even if JavaScript is off, most browsers already support the X-Frame-Options response header. This is actually a security feature because a malicious website could load a trusted website into a frame and trick the user into clicking a link in it to start some action (Clickjacking).
That said, I think that MSIE's security="restricted" attribute prevents frames from breaking out using JavaScript code the way dinamalar.com does it. I don't think that any browser other than MSIE implements this however (and they don't plan to either).