7

Hi I 2 have iframes in my page in the one is working fine and another one is not working giving error as does not permit cross-origin framing. Example code is bellow: 

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org   /TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<script type="text/javascript" src="../script/jquery.js"></script>
<title>Cancellation Policy</title>
</head>
<body>

<span>Some text goes here.</span>
<br /><br />
<iframe src="http://www.w3schools.com/"></iframe>
<iframe src="https://www.google.co.in/?gws_rd=cr&ei=-bmBUo24M6npiAeepICYAg"></iframe>

</body>
</html>

Any help is greatly helpful.

786543214
  • 855
  • 4
  • 14
  • 29
  • What sort of help do you expect? You want to put Google in a frame. Google say they don't want that. You can't. What else is there to say? – Quentin Aug 14 '17 at 10:43
  • Possible duplicate of [How to show google.com in an iframe?](https://stackoverflow.com/questions/8700636/how-to-show-google-com-in-an-iframe) – Quentin Aug 14 '17 at 10:44

2 Answers2

1

Hey I found the solution to the problem. The problem is because the domains restricted to get access by other domains as they can hack the information here is the link which explains about the cross domain policy.

And we can over come from this problem by getting html Content and displaying that in our domain instead of accessing the other domain directly. And here is the link which explains about that.

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org   /TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<script src="http://code.jquery.com/jquery-1.2.3.min.js"></script>
<title>Cancellation Policy</title>
</head>
<body>

<span>Some text goes here.</span>
<br /><br />
<iframe src="http://www.w3schools.com/"></iframe>
<iframe src="https://www.google.co.in/?gws_rd=cr&ei=-bmBUo24M6npiAeepICYAg"></iframe>

<script>
        var url = 'https://www.google.co.in/?gws_rd=cr&ei=-bmBUo24M6npiAeepICYAg';
        $.getJSON('http://whateverorigin.org/get?url=' + encodeURIComponent(url) + '&callback=?', function(data){
            var html = ""+data.contents;

            /* Replace relative links to absolute ones */
            html = html.replace(new RegExp('(href|src)="/', 'g'),  '$1="'+url+'/');

            $("#siteLoader").html(html);
        });
    </script>
    <div id="siteLoader">
        <i>Loading&hellip;</i>
    </div>
</body>
</html>
786543214
  • 855
  • 4
  • 14
  • 29
  • Its possible but the problem is we cannot even send any request or receive some response from that page. – Zeb Aug 12 '14 at 08:32
-3

I think you can't open a secured website in iframe. i.e. those websites that starts with https:// can not be opened in iframe. You can open w3school.com in an iframe but not https://twitter.com or https://facebook.com or https://google.com, etc.

I got below error while trying to open google.co.in in an iframe:

Load denied by X-Frame-Options: https://www.google.co.in/ does not permit cross-origin framing.
Bimal Jha
  • 391
  • 2
  • 14
  • 1
    only true if your own website is NON-ssl. – phil294 Oct 16 '16 at 18:42
  • This is...misleadingly wrong. You can't open an HTTP site from an HTTPS domain, due to `mixed content`, but the problem with Google is an entirely separate issue. Many domains, especially ones worried about security, have a parameter set in their server settings that tells browsers to refuse to allow their website to be displayed in an iframe. If this is the case, then you'll get an error `Load denied by X-Frame-Options: https://www.google.co.in/ does not permit cross-origin framing.` – Eliezer Berlin Apr 17 '23 at 07:15
  • Otherwise somebody could display an iframe from Paypal, and put a transparent overlay on top of the iframe, so users who think they're clicking on the iframe and typing in their Paypal password are actually clicking on your overlay and typing their Paypal password into your website. – Eliezer Berlin Apr 17 '23 at 07:17