Why Iframe dosen't work for yahoo.com

江枫思渺然 提交于 2019-11-28 14:17:12

You're out of luck: yahoo.com doesn't allow you to embed their site in an iframe. Nor does facebook or other popular sites.

The reason for this restriction is clickjacking.

You can verify this by checking the response headers from their site; they specify X-Frame-Options:SAMEORIGIN which means only yahoo.com can embed yahoo.com pages.

Some older browsers won't enforce the header but all new ones will. Afaik, there's no simple way around it.

The only solution I can think of is implementing a proxy script, i.e. you embed a script that lives on your server that fetches the remote content for you.

Eg. your iframe calls "/my-proxy.php?url=http://www.yahoo.com/" and that script would look like:

<?php

header('X-Frame-Options: SAMEORIGIN'); // don't allow other sites to use my proxy
echo file_get_contents($_GET['url']);

Your mileage may vary...

You're having issues with Cross-origin resource sharing. Read these Wikipedia CORS and MDN CORS articles.

As for your snippet,

<?php
  header('X-Frame-Options: GOFORIT'); 
?>

needs to be added to the page being served and not to the page/code requesting it, which in this case would be yahoo.com. But as you don't serve yahoo.com yourself, there is no way of adding it.

However if the question was regarding your own pages and yahoo.com was just an example, you can simply set correct HTTP headers as specified in the articles, and you'd be good.

Some websites like google, yahoo have been disabled the iframe embedding for their site. If you want to do that then grab their html using curl or file_get_conents on server side and show it.

check the HTTP response header X-Frame-Option. I think for yahoo it should be deny or sameorigin that means only the page of yahoo can embed its other pages in iframe

Add 'Ignore X-Frame headers' plugin in google chorme then its working fine.

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!