0

I am trying to embed the Amazon website in a webpage. Something like what is done here: http://en-jo.amazon.shop.cashbasha.com/

I tried to use iframe, but Amazon prevents it from being displayed as a security measure:

<iframe src="http://www.amazon.com/" width="100%" height="100%">
  <p>Your browser does not support iframes.</p>
</iframe>

I get the error:

Refused to display 'http://www.amazon.com/' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.

So how did the website above achieve that if Amazon doesn't allow it?

aynber
user2038833
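
The check behind the error message in the question, as an added example that is not part of the original post: a simplified model of how a browser decides whether a response may be rendered in a frame, based on X-Frame-Options and the CSP frame-ancestors directive. The function name framingDecision and the shop.example and partner.example origins are assumptions made for illustration.

```javascript
// Simplified model of a browser's framing check (added example).
// Assumption: only the immediate parent is compared; real browsers check
// every ancestor frame and support more frame-ancestors source forms.
function framingDecision(headers, frameUrl, parentUrl) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const frameOrigin = new URL(frameUrl).origin;
  const parentOrigin = new URL(parentUrl).origin;

  // CSP frame-ancestors, when present, replaces X-Frame-Options.
  const directive = (h['content-security-policy'] || '')
    .split(';')
    .map(d => d.trim().split(/\s+/))
    .find(d => d[0].toLowerCase() === 'frame-ancestors');
  if (directive) {
    const sources = directive.slice(1); // an empty list behaves like 'none'
    const allowed = sources.some(s => {
      if (s === "'none'") return false;
      if (s === "'self'") return parentOrigin === frameOrigin;
      if (s === '*') return true;
      try { return new URL(s).origin === parentOrigin; } catch { return false; }
    });
    return { allowed, rule: 'frame-ancestors' };
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { allowed: false, rule: 'X-Frame-Options: DENY' };
  if (xfo === 'SAMEORIGIN') {
    return { allowed: parentOrigin === frameOrigin, rule: 'X-Frame-Options: SAMEORIGIN' };
  }
  // Missing header or a value browsers do not recognise: no restriction.
  return { allowed: true, rule: 'none' };
}

// Constructed sample: the header from the error message, seen from a
// hypothetical third-party page (shop.example) and from the site itself.
const response = { 'X-Frame-Options': 'SAMEORIGIN' };
console.log(framingDecision(response, 'http://www.amazon.com/', 'http://shop.example/'));
console.log(framingDecision(response, 'http://www.amazon.com/', 'http://www.amazon.com/cart'));
```

The decision is made by the browser from headers the framed site sends, which is why nothing in the embedding page's own markup changes the outcome.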

3 Answers

2

It appears that the website you are referencing achieved this by entering the pure JavaScript code and HTML into their webpage. Be careful with this site, as it could be a phishing scam.

Sub 6 Resources
2

I don't think you're going to get much traction with this approach. Browsers are getting very particular about iframes and mixed security levels. Attempting to find hacks to circumvent this on your client is bound to fail in the long run and puts your users at risk.

Ref: How Can I Bypass the X-Frame-Options: SAMEORIGIN HTTP Header?

Incidentally, I wouldn't (and didn't) click a link formatted like the one you posted. If I see Amazon in the URL, I expect it to be the base domain. Otherwise, I assume it was designed to fool a user, so even if a technical solution is found, I don't think you should want to deploy this in practice.

Community
James Fegan
  • All I want to do is import the cart content from Amazon once the user is done shopping. So the way the website I referenced is doing it is by having a top bar that has an alternative check out. The idea is to allow people to buy products from Amazon through us so they can pay by cash. If embedding is not a good idea, is there an alternative? – user2038833 May 03 '16 at 09:24
  • Rather than brute-forcing from the browser interface, you may be able to take advantage of Amazon's public APIs to programmatically get cart contents. This would provide a more robust (i.e. less buggy) experience for the user. However, I've never used this interface before, so you may get better feedback by opening a new question asking "How" to accomplish what you're looking for rather than details on the specific mechanism you chose. Here is a link to some of Amazon's Cart methods: http://docs.aws.amazon.com/AWSECommerceService/latest/DG/CHAP_WorkingWithRemoteShoppingCarts.html – James Fegan May 03 '16 at 13:11
1

You can use the X-Frame-Bypass Custom Element, which allows you to bypass X-Frame-Options: deny/sameorigin.

niutech