0

I'm trying to offer users a way to have a top bar, and the bottom would be an IFRAME, loaded with the content we send them to (with us sending them to the next site when needed)

So, I have:

<div id="top">
   some menu options here
</div>
<div id="frame">
    <iframe id="newsViewer" src="http://www.bbc.com"  frameBorder="0" border="0">Sorry, please enable iFrames to view this</iframe>
</div>

...and CSS:

#top {
    background: rgb(249,249,249);
    position: fixed;
    height: 90px;
    top: 0px;
    left: 0px;
    width: 100%;

}
#frame {
    /*background:red;*/
    border-top: 4px dashed #eee;
    position: fixed;
    top: 90px;
    left: 0px;
    height: 100px;
    width: 100%;
}

https://jsfiddle.net/h2nyLhmu/

This gives a CORS error though:

Load denied by X-Frame-Options: http://www.bbc.co.uk/ does not permit cross-origin framing.

I kinda understand why they are doing it, but it totally screws up the whole model of the system I was going to use to show the links :/

Andrew Newby
  • 4,941
  • 6
  • 40
  • 81
  • Well, security issues is security issues and I don't think there is any way to by-pass security – Justinas Apr 15 '16 at 13:07
  • @Justinas - thanks, I had a feeling you would say that :( – Andrew Newby Apr 15 '16 at 13:07
  • This is not a CORS error (i.e., the problem is not caused or solved by CORS headers, nor is it related to the browser's normal same-origin policy), but is instead [a mechanism to prevent clickjacking attacks](http://security.stackexchange.com/q/67889/13146). – apsillers Apr 15 '16 at 19:08
  • @apsillers - thanks, yeah thought it was as much. A friend suggested I should try using a script proxy on the server, to download the page, and then serve it locally (tweaking it so the links on the page open up in an external link though, which isn't something I'm too keen on - but may not have a choice) – Andrew Newby Apr 16 '16 at 06:08
  • @AndrewNewby If you really want to display the page in an iframe, that is your only option. Consider, however, that in that approach you're making a copy of the target page and may face copyright issues if you are big enough to attract the attention of the owners of framed page. – apsillers Apr 18 '16 at 16:03

0 Answers0