There is an application which has two demands on opening the application.
First of all it has to be loaded via a iFrame. 2nd of all it has to be loaded from a specific referrer. If one of these isnt true, the application cannot be opened.
My question. Is it possible to work around those demands? So I spoof the HTTP request and I load it in a iFrame in my own website.
Ofcourse I can iFrame the application and ofcourse I can spoof the HTTP request. But I can't figure out a way to do it both, I can't see it. Somebody can help me out?
I would suggest creating a PHP file which gets the content of the website hosting the application (take a look here for an idea of how to do it), and then using your iframe to display the PHP page you just created.
Related
I fear that the answer will be "Impossible due to browser security policy" but I really need to accomplish the following:
The problem I have is that the content to be embedded in my web page includes some menu items that I need to remove/hide because they trigger operations that I need to prevent. I cannot find a way to address these DOM nodes to hide them.
I have a web page and need to embed a URL from another domain into my web page. I have tried this with and also by using Ajax to fetch the URL contents and insert them into the DOM of my web page. These two methods have different results.
If I use to embed the page from the "foreign" domain I can see the "foreign" domain's content and I can address the node but all attempts to access the nodes underneath return null. There is no error message (in Firefox) but I suspect that I am getting null because the browser is enforcing the same-domain policy.
On the other hand, if I use Ajax to insert the page content into my web page I don't even see the content and in this case there is a CORS error in the Firefox debugger console.
Since I don't control the "foreign" domain I can't modify it to use the window.postMessage(); technique.
Can anyone suggest a way for me to be able to hide menu items that are in content fetched from a "foreign" domain? (Gotta be a way, gotta be a way, ...)
Thank you.
Say I have set up a page with 8 frames, each frame tries to load different URLs in my LAN. If one or more of these URLs (belonging to local web servers) fail to load, I get the ugly error screen. Is there any way I can force that frame(s) to load an alternate URL if it times out or we can't catch that?
ThankS!
Your post lacks sufficient information to answer it fully.
This Answer is just resource help & knownledge. Hope you find it helpful.
If you are http://localhost/ as your main page, and the iframes are on the same host domain http://localhost/ you should be able to read the iframes & their content with javascript.
If you are lets say http://mywebsite.com/ and you are trying to access http://localhost/ you'll run into a wall, because web browsers are built to prevent you from interacting with the sub-domain or iframe bacause of Same-Origin-Policy.
https://en.wikipedia.org/wiki/Same-origin_policy
If you control http://localhost/ you can add the headers or permissions to allow Same-Origin-Policy to overrode. CORS for short. Not sure if it allows iframe access, i dont use iframe much anymore, i just use AJAX. Which for you i'd recommend looking into because it can handle ERROR PAGES exactly the way you want.
https://en.wikipedia.org/wiki/Cross-origin_resource_sharing
If you control both the HOST http://mywebsite.com/ & http://localhost/ you can put javascript on both pages & allow them to communicate with each other. But if you are getting error pages, it is unlikely you can control error page responses.
https://en.wikipedia.org/wiki/Web_Messaging
Is there a way to detect these website errors in iframes? I am working on a app that has a third party website that has to be embedded into an iframe (trust me I'm not happy about it.) and we have to be able to hide the iframe if these errors occur.
What is the most graceful way to handle this? I have tried a .error, but have had no success. Help would be appreciated so I can keep my brain intact and not have it explode everywhere.
No, it's not.
If iframe is coming from diferent source and doesn't allow access( X-Frame-Options ), you can't do anything about it.
read about it here same origin policy.
There are few things, however, you can do:
If those are singular clicks (people don't navigate further) you can just make request and check content and then actually open iframe.
You can add in app browser like Linkedin for example. Take a look at cordova in app that is really specific solution, different for each platform, but it removes need of iframe.
I hope this is the right place to ask this question - I did have a look at the rest of the sites in the network but this looked like the most appropriate place.
We are having issues serving third party adverts on our websites. For various reasons our ad setup is a bit complicated - we serve third party javascript tags (AppNexus) through our own ad server (OpenX) through iframes. Currently, the third party javascript tags are not showing correctly, although they have worked just fine in the past.
Debugging this in Safari I have discovered a few things which seem to me to be a bit unusual, and I'm struggling to work out what's going on. Using the web inspector to check the third party's javascript, it appears in the web inspector as a blank file. Additionally, if I check the network tab, the headers are shown and look fine, but there is no 'content' tab with which to check the returned content. The network tab shows the request for the file as complete, and with suitable status codes (200/302):
http://cl.ly/401C1D3Y3u2G2k2k3s0x
However, if I load the file directly in the web browser, it loads fine:
http://ib.adnxs.com/ttj?id=694021&cb=[CACHEBUSTER]&pubclick=[INSERT_CLICK_TAG]
FWIW, the javascript file uses document.write to spit out either an image or another iframe. It's also worth mentioning that there are no related errors in the console - there is one relating to Google Ads, but the problem persists if I load the Ad server's iframe directly without the rest of the site.
Has anyone seen this behaviour before, where a file loads just fine directly, but is (blank / not retrieved / not parsed / whatever's going on) when called as part of another page? If so, would you be able to help me fix this?
Thanks in advance for any help you can give me - I hope this makes some sense and will be happy to provide any further information that might help me get to the bottom of this!
Ollie
I'm guessing that the third party site is filtering output from their servers based on the HTTP referer being sent in the request (a technique employed by many web hosts to thwart hot-linking content). Try putting the link to the javascript file in a clickable link on a web page on your server and click it and then see if it loads or if you get a blank page. You could also try loading a browser extension which lets you forge the HTTP Referer (such as RefControl for Firefox) and then change your refer to be your site instead of the third party's and try pasting in the URL to the browser and see if it loads.
This isn't your fault if it's what turns out to be the actual problem. It's up to the third party to configure their web host to allow for this.
I have a task that i do not know where to start, i hope Stack Overflowers can give me some ideas.
I want to read the html source code of the previously opened and still opening tab in my web page.
My approach was to grab the url of the targeted page, send that url to server and do something, then use it in my web page. But i am facing the "same domain policy" on the server side, i know that JSONP can be used, but i must use POST in this case (other reasons). So i think if the tab (page) has been opened and is still open, there must be some ways that i can read the HTML when my web page is opened.
The flow will be if there is Page1 opening, user opens mywebpage.html on the same Window, mywebpage.html finds there is Page1 opening, then grab the HTML source page and use it.
Thanks!
Edit:
This is the full story.
What I am planning to do is a FireFox plugin. And there is a Button (myPluginButton) on the tool bar.
If user click myPluginButton, the HTML code of the current page will be sent to the server, then server parse the HTML code and generate a report, a new tab then is opened to display this report.
My current approach is to read the HTML of current page using newTabBrowser.contentDocument and send it to server, then do the parsing on server side. But this approach creates extra traffic. The efficient way would be only the url of the current page is sent to the server, and we can read HTML and parse it on the server side. However, the same domain policy does not allow me to do this easily.
So, my question is if it is possible to do when user click myPluginButton to open a new tab, this new tab loop all the opening tabs on the browser and reads the HTML contents of them then generate the report, since these tabs are still opening and the HTML contents must be saved on somewhere ( or i am wrong).
Thanks.
The browsers have a built in protection called same origin policy that prevent a page to read the content of other origin(domain, subdomain, port,...)
If you want to gain access to the current page you can use a bookmarklet.
You ask your users to add it in their bookmarks bar, and each time they want to use it, they don't open a tab but click on the bookmark.
This will load your script in the page, with all access to read the page content.
And oddly enough you can POST from this page to your domain, by posting a FORM to an IFRAME hosted on your domain. But you won't be able to read the response of the POST. You can use a setInterval with a JSONP call to your domain to know if the POST was successful.