
Why Iframe Doesn't Work for yahoo.com

I believe this does not work:

<iframe src="http://www.yahoo.com"> </iframe> 

I read this question, but I do not understand what they mean by adding:

 <?php header('X-Frame-Options: GOFORIT'); ?> 

I tried to add this to the top of my html file (of course, changed it to a php file), and my php file became:

 <?php header('X-Frame-Options: GOFORIT'); ?>
 <iframe src="http://www.yahoo.com"> </iframe>

I run it in my appserv (with php 5.2.6) and it does not work. Can anyone explain what I should do to overcome this?

+2
source share
4 answers

You're out of luck: yahoo.com doesn't allow you to embed their site in an iframe. Neither do Facebook or other popular sites.

The reason for this limitation is clickjacking.

You can verify this by checking the response headers from their site; they indicate X-Frame-Options: SAMEORIGIN, which means that only yahoo.com can embed yahoo.com pages.

Some older browsers will not use the header, but all new ones will. AFAIK, there is no easy way.

The only solution I can think of is to implement a proxy script, i.e. you embed a script that lives on your server that retrieves the remote content for you.

E.g. your iframe calls "/my-proxy.php?url=http://www.yahoo.com/" and that script will look like this:

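 <?php
 header('X-Frame-Options: SAMEORIGIN'); // don't allow other sites to use my proxy
 // only fetch http(s) URLs: an unchecked value would also read local files
 if (!isset($_GET['url']) || !preg_match('#^https?://#i', $_GET['url'])) { exit; }
 echo file_get_contents($_GET['url']);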

Your mileage may vary ...

+5
source

You have a problem with cross-origin resource sharing. Read these Wikipedia CORS and MDN CORS articles.

As for your fragment,

 <?php header('X-Frame-Options: GOFORIT'); ?> 

needs to be added to the page that will be served, and not to the page/code requesting it; the served page in this case will be yahoo.com. But since you do not serve yahoo.com yourself, it cannot be added.

However, if the question was about your own pages and yahoo.com was just an example, you can simply set the correct HTTP headers as stated in the articles and you would be fine.

+2
source
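
An added example, not part of either answer above: a simplified JavaScript model of the X-Frame-Options check a browser performs, showing how to read the header value mentioned in the first answer and why the header only counts on the framed page, as the second answer says. The function names, the `{ url, headers }` object shape and the localhost URLs are assumptions made for illustration; only a single embedding page is modelled, not a chain of nested frames.

```javascript
// Simplified model of a browser's X-Frame-Options check (added example).
// All URLs and header values below are constructed samples.

// Repeated headers reach the parser comma-joined; compare case-insensitively.
function parseXfo(value) {
  if (value == null) return [];
  const tokens = value.split(',').map(t => t.trim().toLowerCase()).filter(Boolean);
  return [...new Set(tokens)];
}

// embedder/framed: { url, headers } (hypothetical shape, lowercase header names).
// Only the FRAMED response's header is consulted; whatever the embedding page
// sends about itself is never read.
function framingDecision(embedder, framed) {
  const tokens = parseXfo(framed.headers['x-frame-options']);
  const known = tokens.filter(t => t === 'deny' || t === 'sameorigin');
  if (known.length === 0) {
    // Missing header, or only unrecognised values such as GOFORIT: no restriction.
    return { allowed: true, reason: tokens.length ? 'invalid value ignored' : 'no header' };
  }
  if (tokens.length > 1) return { allowed: false, reason: 'conflicting values' };
  if (known[0] === 'deny') return { allowed: false, reason: 'deny' };
  // sameorigin: scheme, host and port of both pages must match.
  const same = new URL(embedder.url).origin === new URL(framed.url).origin;
  return { allowed: same, reason: same ? 'same origin' : 'cross-origin embedder' };
}

// The asker's setup: GOFORIT sent by their own page, SAMEORIGIN by the framed site
// (value as reported in the first answer).
const askerPage = {
  url: 'http://localhost/test.php',
  headers: { 'x-frame-options': 'GOFORIT' },
};
const remoteSite = {
  url: 'http://www.yahoo.com/',
  headers: { 'x-frame-options': 'SAMEORIGIN' },
};
// A page the asker serves themselves, where the header value is theirs to set.
const ownWidget = {
  url: 'http://localhost/widget.php',
  headers: { 'x-frame-options': 'GOFORIT' },
};

console.log(framingDecision(askerPage, remoteSite)); // blocked: cross-origin embedder
console.log(framingDecision(askerPage, ownWidget));  // allowed: invalid value ignored
```
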

Some websites, such as Google and Yahoo, have disabled iframes for their sites. If you want to do this, grab their HTML with curl or file_get_contents on the server side and show it.

Check the X-Frame-Options header of the HTTP response. I think for Yahoo this should be deny or sameorigin, which means that only a Yahoo page can embed its other pages in an iframe.

0
source

Add 'Ignore X-Frame headers' to Google Chrome, then it works fine.

-1
source

Source: https://habr.com/ru/post/975115/

