0

Has there been mass un-support for iFrame in the last 24 hours that I don't know about?

One of the pages on my website contains a rather large iframe which has been working perfectly fine for the last 7 months without being touched in any way. However today it stopped working. The page loads as expected but the iframe doesn't load anything.

I have checked the source code and it matches backups from the last 6 months, so nothing has changed there. Also, I have checked the iframe link is valid and working, so nothing wrong there. I have tried in several browsers but all show the iframe as being blank. I even tried on my phone and tablet (using different ISPs) but they show the iframe as being blank too.

I am literally stuck for words and ideas :/

  • Have you tried to check browser console for any possible errors? In Chrome, hold Ctrl+Shift+I and click on console tab, refresh the page and see if any error are printed on the console. – Armaiti Jan 26 '16 at 19:17
  • @Aramiti This has returned an error as you suggested... Refused to display 'http://www.xxxxxxxxxxx/' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'. Not sure why this is suddenly happened after all this time. –  Jan 26 '16 at 19:20
  • This might help you [http://stackoverflow.com/questions/6666423/overcoming-display-forbidden-by-x-frame-options](http://stackoverflow.com/questions/6666423/overcoming-display-forbidden-by-x-frame-options) – Armaiti Jan 26 '16 at 19:24
  • @Aramiti Yeah I was just reading that. I am more interested to know why it's suddenly changed. Could have have happened in a newer version of Apache or PHP? –  Jan 26 '16 at 19:31
  • Browsers are keep updating automatically and the latest updates are getting more sensitive about x-frame option, or other potential security threats. – Armaiti Jan 26 '16 at 19:36
  • @Aramiti If I understand this correctly, is this because the "third party" site has explicitly started denying their site to be loaded in a frame? –  Jan 26 '16 at 19:56
  • Highly possible and if that's the case, please respect the third party's policy. – Armaiti Jan 26 '16 at 20:12
  • Is there any option to force chrome to display the page? Otherwise I'm going to have to do some kind of proxy and have it drop the headers. –  Jan 26 '16 at 20:13
  • No, there is no option – at least none that would apply to all visitors of your website. // Ask the third party whether they are willing to change this, so that the resource can be embedded again. If they are not willing to do that, then they probably won’t be happy with any authorized use of their data either (which means, even if you proxy that stuff, you might still be hold liable:) – CBroe Jan 27 '16 at 14:20

0 Answers0