Why Iframe dosen't work for yahoo.com

后端 未结 4 1789
感情败类
感情败类 2020-12-12 00:46

I find this doesn\'t work:


I have read this question, but I don\'t understand w

相关标签:
4条回答
  • 2020-12-12 00:59

    You're having issues with Cross-origin resource sharing. Read these Wikipedia CORS and MDN CORS articles.

    As for your snippet,

    <?php
      header('X-Frame-Options: GOFORIT'); 
    ?>
    

    needs to be added to the page being served and not to the page/code requesting it, which in this case would be yahoo.com. But as you don't serve yahoo.com yourself, there is no way of adding it.

    However if the question was regarding your own pages and yahoo.com was just an example, you can simply set correct HTTP headers as specified in the articles, and you'd be good.

    0 讨论(0)
  • 2020-12-12 01:17

    Some websites like google, yahoo have been disabled the iframe embedding for their site. If you want to do that then grab their html using curl or file_get_conents on server side and show it.

    check the HTTP response header X-Frame-Option. I think for yahoo it should be deny or sameorigin that means only the page of yahoo can embed its other pages in iframe

    0 讨论(0)
  • 2020-12-12 01:18

    You're out of luck: yahoo.com doesn't allow you to embed their site in an iframe. Nor does facebook or other popular sites.

    The reason for this restriction is clickjacking.

    You can verify this by checking the response headers from their site; they specify X-Frame-Options:SAMEORIGIN which means only yahoo.com can embed yahoo.com pages.

    Some older browsers won't enforce the header but all new ones will. Afaik, there's no simple way around it.

    The only solution I can think of is implementing a proxy script, i.e. you embed a script that lives on your server that fetches the remote content for you.

    Eg. your iframe calls "/my-proxy.php?url=http://www.yahoo.com/" and that script would look like:

    <?php
    
    header('X-Frame-Options: SAMEORIGIN'); // don't allow other sites to use my proxy
    echo file_get_contents($_GET['url']);
    

    Your mileage may vary...

    0 讨论(0)
  • 2020-12-12 01:25

    Add 'Ignore X-Frame headers' plugin in google chorme then its working fine.

    0 讨论(0)
提交回复
热议问题