Why can't we get content of cross-domain iframes?

Question

I have a cross-domain iframe that's just like:

<iframe src="example.com"></iframe>

You can easily open the link(example.com) on a browser, and see its content(inspect element/view source). And in google, the iframe's contents are also visible in the website by inspect element. Now why can't i just see that iframe site's content in my website through code? Why would it be a security flaw if i can simply:

open the iframe's src link, and then inspect element to view the sites content

or

view the iframe's content in my site through google's inspect element

?

I just want to get the iframe video's src link for example.

Does this answer your question? [how to resolve iframe cross domain issue](https://stackoverflow.com/questions/40866219/how-to-resolve-iframe-cross-domain-issue) — LeeLenalee, Sep 08 '21 at 10:14
@LeeLenalee nah i wanna learn the reason behind it, not just "security" — someone, Sep 11 '21 at 16:39

score 0 · Answer 1 · answered Sep 08 '21 at 10:52

0

You should know about CORS (Cross-Origin Resource Sharing) https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

Shortly: you should response some of headers about cross-site accesses: Access-Control-Allow-Origin, Access-Control-Request-Methods, Access-Control-Request-Headers, Access-Control-Allow-Credentials.

answered Sep 08 '21 at 10:52

Doltan James

3
3

i still dont get the reason? it just says "security reasons" – someone Sep 08 '21 at 15:04

Why can't we get content of cross-domain iframes?

1 Answers1