I am trying to add:
$('#div_content').load('page.html');
into an App so that grabs announcements from my school's site, so when they update the site, it updates the apps page, and im not sure if its because im stressed and keep missing it, but how would i have it load the div "page-content" from said "URL" using the above script, sorry if this sounds stupid!
Simply put - you can't load HTML from other domains (like your school) unless they explicitly allow it by enabling Cross Origin Request Sharing (CORS). You can ask your school's IT administrator, but I don't think they'd be too keen on it, as CORS opens up a whole host of security issues.
Your best option is to use an <iframe> element:
<iframe src="page.html" width="400" height="400"></iframe>
Related
Is there a way to detect these website errors in iframes? I am working on a app that has a third party website that has to be embedded into an iframe (trust me I'm not happy about it.) and we have to be able to hide the iframe if these errors occur.
What is the most graceful way to handle this? I have tried a .error, but have had no success. Help would be appreciated so I can keep my brain intact and not have it explode everywhere.
No, it's not.
If iframe is coming from diferent source and doesn't allow access( X-Frame-Options ), you can't do anything about it.
read about it here same origin policy.
There are few things, however, you can do:
If those are singular clicks (people don't navigate further) you can just make request and check content and then actually open iframe.
You can add in app browser like Linkedin for example. Take a look at cordova in app that is really specific solution, different for each platform, but it removes need of iframe.
Now I know there are a lot of resources about same origin policy, but I just want a straight up answer for my specific query as I am really struggling to understand.
I am using Facebook plugins on my website, these create iframes that are only visible in the DOM when I use chromes inspect element etc.
Is there a way that I can access these iFrames properties/attributes at all, or is it a resounding "NO CHANCE!". I am spending far too much time on this and I just need to get a final verdict.
Thanks!
Javascript doesn't see the iframe content. Chrome inspector just loads 2 different websites in the same time, yours and the plugins one, so you can play with both of them.
Just curious, how would you like to change it?
In general, JavaScript cannot access iframe content from outside of the iframe, unless the page domain and the iframe domain share the same protocol and host and port. In your case, this could possibly be done using a proxy server to load the iframe content from your domain.
http://en.wikipedia.org/wiki/Same_origin_policy
In my website, there is an error occurred based on the ssl. On the main page, there is a youtube video will play, when the site load. I think the ssl error is due to this because after inspecting element, it shows the following error:
1) Unsafe JavaScript attempt to access frame with URL https://dev.myproject.info/ from frame with URL https://www.youtube.com/embed/Zr4JwPb99qU?autoplay=1. Domains, protocols and ports must match.
2) The page at https://dev.myproject.info/ displayed insecure content from http://r4---sn-ci5gup-h55e.googlevideo.com/crossdomain.xml.
3) The page at https://dev.myproject.info/ displayed insecure content from http://r4---sn-ci5gup-h55e.googlevideo.com/videoplayback?algorithm=throttle-factor&burst=40&clen=1704783&cpn=LbUqMfNNay39Ml-
I don't know what to do. Any help is much appreciated. Thanks in advance.
The first warning you can't get rid off, it always shows up if an iframe tries to access data from another iframe not hosted from the same domain. It happens with a lot of third-party content (like a LinkedIn button on your site for example) since you can't check if you have access without triggering the warning. But you can safely ignore it as it won't show up to end users.
As for the other two, as this data is loaded by the youtube iframe which you don't have control over you can't get rid of it. I think this has only started happening recently and Google/Youtube will have to fix it on their end. I guess the only solution for now is to open videos in another window (which isn't really ideal).
Hi I actually went through something similar with my JQUERY link for HTTPS/SSL.
Originally it was: "http://code.jquery.com/jquery-1.9.1.min.js"
Then I changed it to this: "//code.jquery.com/jquery-1.9.1.min.js"
So that it will register it with https or http. That should do the trick.
You can also view this article in stackoverflow: Why do I have both HTTPS and HTTP links on site, need them all secure!
Good luck!
Some websites has a script that will redirect it to the original site if you tried to put it on an iframe. So to solve this, we have add the property sandbox="allow-scripts" to the iframe tag. But this solution will not work on browser that doesn't support html5. How can we resolve this? Additionally, we still want to have the script activated on the inner pages.
Ask the owners/administrators of the site to give you an authenticated URL for the site that doesn't redirect.
If you're trying to do this without the permission of the owners/adminstrators, then please reconsider your design.
It sounds like the original post is mentioning a frame-busting script which is in place to keep the page contents from being framed, usually to combat click-jacking attacks.
If you have permission from the site you are trying to frame, aka you have a legitimate reason to be framing their site, you should work with the owners of that site to find a work around. One such method would be to have them replace their frame-busting script with an X-Frame-Options header that could list your domain as an allowed domain to frame the content.
I'm building a web application (a web site) which has a feature where you can embed it inside your own web site (using an iframe).
So, my app has Google Ads, and sometimes when the it is inside another site as embed (inside an iFrame) it doesn't show Ads, I mean, ads are being rendered, but sometimes that html from google is blank.
I'm concern about the Policy of GoogleAds and to not use iFrames to show ads, but I'm not using iframes to show them, my app is just inside another site as a feature.
My question is: can this be done?, or by that policy I won't be able to show ads on my embed feature?
EDIT 1
This is the content which Google is rendering (inside another iframe of another iframe):
<html>
<head>
</head>
<body style="background-color:transparent" marginwidth="0" marginheight="0">
</body>
</html>
and also, I getting an error on the console:
Blocked a frame with origin "http://googleads.g.doubleclick.net" from
accessing a frame with origin "http://example.com". Protocols,
domains, and ports must match.
where "example.com" is some site that is using my feature
EDIT 2
So, I step at the Network tab of the console, and watch what was calling. Does a GET
http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-XXXX.... With 200 OK always, but sometimes it returns just the blank HTML (posted above) and sometimes the actual html with an AD.
One more thing I didn't tell, I'm using the Asynch new Beta method, not the Synch, so I'm thinking of try the Synch and see what happens.
You might try loading the page outside an IFRAME and run network capture on the traffic to/from Google. Explore the response headers - they might be using X-Frame-Options to prevent illicit click activity on ads. There's likely very little you can do about it aside from doing a server-side request and embedding the response HTML yourself. This will dramatically slow down your page loads and might violate your ad agreement.
EDIT:
After reading your follow-up testing, it sounds more like your site just doesn't meet the criteria of enough ad campaigns to serve ads with every request. I'd look at Google's FAQs or marketing information to find out how often ads are served or why you might not be getting ads on every request. Remember, the ads are for the benefit of the advertiser and they have good tools to make sure their ads are specifically targeted to the right audience to maximize their return. Your site just might not meet enough criteria to get many ads.
EDIT 2: A quick Google search turned up this FAQ for why Ads might not be showing. They seem geared to why ads don't show at all, not intermittent appearance.