I'm trying to use <embed> but having limited success. These two URLs won't embed, for example.

```html
<embed style="width: 500px; height: 300px;"
  src="https://www.tate.org.uk" width="300" height="150">
</embed>
<embed style="width: 500px; height: 300px;"
  src="http://www.northlondonreadinggroup.co.uk/" width="300" height="150">
</embed>
```

Whereas other URLs will...

https://adsler.co.uk/adsler-blog/

I came across these: How Can I Bypass the X-Frame-Options: SAMEORIGIN HTTP Header? If I post them in my site header, can I bypass iframe restrictions?

```html
<script src="https://unpkg.com/@ungap/custom-elements-builtin"></script>
<script type="module" src="x-frame-bypass.js"></script>
```

  • I get "Refused to display 'https://www.tate.org.uk/' in a frame because it set 'X-Frame-Options' to 'sameorigin'." – showdev Jun 01 '19 at 12:39
  • What does that mean? –  Jun 01 '19 at 12:40
  • It means that site prevents embedding in an iframe. See [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options). – showdev Jun 01 '19 at 12:42
  • So what do I do to fix? –  Jun 01 '19 at 12:43
  • It's a security restriction that's probably best to respect. That being said... Possible duplicate of [How Can I Bypass the X-Frame-Options: SAMEORIGIN HTTP Header?](https://stackoverflow.com/questions/2783095/how-can-i-bypass-the-x-frame-options-sameorigin-http-header) – showdev Jun 01 '19 at 12:46

1 Answer

As @showdev mentioned, you can use the X-Frame-Options

Here is an example for your case:

```html
<!DOCTYPE html>
<html>
<head>
<script src="https://unpkg.com/@ungap/custom-elements-builtin"></script>
<script type="module" src="https://unpkg.com/x-frame-bypass"></script>
</head>
<body>

<h2>HTML Iframes</h2>
<p>You can use the height and width attributes to specify the size of the iframe:</p>

<iframe is="x-frame-bypass" src="https://www.tate.org.uk" height="150" width="300"></iframe>

<iframe is="x-frame-bypass" src="http://www.northlondonreadinggroup.co.uk/" height="150" width="300"></iframe>

</body>
</html>
```

Here is the example that I mentioned: (Just click on run)

https://www.w3schools.com/code/tryit.asp?filename=G4LYCU8V9ILG

Hello World
  • So if I put `HTML Iframes You can use the height and width attributes to specify the size of the iframe:` in my `body` it will work? –  Jun 01 '19 at 12:57
  • Here is the example that I mentioned: (Just click on run) https://www.w3schools.com/code/tryit.asp?filename=G4LYCU8V9ILG – Hello World Jun 01 '19 at 12:59
  • Thanks. I just wanna know exactly what code I've got to put and where. That would be helpful..thanks –  Jun 01 '19 at 13:03
  • In the example you have the code! I chose "iframe" instead of "embed", I think it is better for this case! – Hello World Jun 01 '19 at 13:06
  • Re security-can't see how me embedding site in my own causes security risk? –  Jun 01 '19 at 13:06
  • @One89 It's not a security risk for you as much as the other site apparently doesn't want you to embed their content on your site. If you are interested, "... most companies do not allow their content to be framed in such a way that it looks like someone else owns the content. If you're going to do that, you should be very aware that this annoys people. Furthermore, if you're not willing to remove the content in an iframe or the frameset around the linked page, you may be risking a lawsuit." -- [The Legalities of Linking](https://www.lifewire.com/legalities-of-linking-3468972). – showdev Jun 01 '19 at 13:14
  • But this doesn't forbid iframe and it's still refusing to render? `` –  Jun 01 '19 at 13:33
  • @One89 That one works for me, but only over http. Otherwise, I get "Mixed Content: The page was loaded over HTTPS, but requested an insecure plugin resource. This request has been blocked; the content must be served over HTTPS." Do you get an error like that in your browser console? – showdev Jun 01 '19 at 13:48
  • I just get a grey square with a broken link saying something like `refusing to connect` –  Jun 01 '19 at 13:52
  • `The web page at https://www.northlondonreadinggroup.co.uk/ might be temporarily down or it may have moved permanently to a new web address.` and that's over `https` –  Jun 01 '19 at 13:56
  • That site doesn't seem to be served over https. It's only available at http. – showdev Jun 01 '19 at 15:02
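
How a browser arrives at the two errors quoted in this thread (the `X-Frame-Options` refusal and the mixed-content block), as an added example that is not code from any poster. `embedder.example`, `partner.example`, `framingVerdict` and `sourceMatches` are hypothetical names, and the model is simplified: it checks only the immediate parent and ignores ports and scheme-only CSP sources.

```javascript
// Added example. Simplified model: checks only the immediate parent (browsers
// check every ancestor) and ignores ports and scheme-only CSP sources.
function sourceMatches(src, parent, frame) {
  const s = src.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return parent.origin === frame.origin;
  if (s === '*') return true;
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)/);
  if (!m) return false;
  const [, scheme, wildcard, host] = m;
  if (scheme && scheme + ':' !== parent.protocol) return false;
  return wildcard ? parent.hostname.endsWith('.' + host) : parent.hostname === host;
}

function framingVerdict(parentUrl, frameUrl, headers) {
  const parent = new URL(parentUrl);
  const frame = new URL(frameUrl);
  const h = {}; // header names are case-insensitive
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // 1. Mixed content: an HTTPS page may not load a frame over plain HTTP.
  if (parent.protocol === 'https:' && frame.protocol === 'http:') {
    return { allowed: false, reason: 'mixed-content' };
  }
  // 2. CSP frame-ancestors, when present, is enforced instead of X-Frame-Options.
  const directive = (h['content-security-policy'] || '')
    .split(';').map(d => d.trim().split(/\s+/))
    .find(d => d[0].toLowerCase() === 'frame-ancestors');
  if (directive) {
    const ok = directive.slice(1).some(src => sourceMatches(src, parent, frame));
    return { allowed: ok, reason: 'csp-frame-ancestors' };
  }
  // 3. X-Frame-Options: DENY blocks all framing, SAMEORIGIN blocks other origins.
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  const blocked = xfo === 'DENY' || (xfo === 'SAMEORIGIN' && parent.origin !== frame.origin);
  return { allowed: !blocked, reason: blocked ? 'x-frame-options' : 'no-restriction' };
}

// Constructed inputs: embedder.example and partner.example are placeholders; the
// first header value is the one quoted in the browser error in the thread.
const samples = [
  ['https://embedder.example/', 'https://www.tate.org.uk/', { 'X-Frame-Options': 'sameorigin' }],
  ['https://embedder.example/', 'http://www.northlondonreadinggroup.co.uk/', {}],
  ['https://embedder.example/', 'https://partner.example/',
    { 'X-Frame-Options': 'DENY', 'Content-Security-Policy': 'frame-ancestors https://embedder.example' }],
];
for (const [p, f, hdrs] of samples) console.log(f, framingVerdict(p, f, hdrs));
```

A site owner can run the same check against their own response headers to confirm which origins are allowed to frame a page before deploying a policy change.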