html frames and iframes from other sites that won’t load: some links
Posted by jpluimers on 2020/05/14
Back in the days, framing stuff from other sites would just work. Nowadays, often they don’t because of a variety of reasons, often the site not wanting to be embedded, which is OK with me.
But it pays knowing what they do and how they do it, to ensure it is not an accidental setting of the address bar URL to the wrong value like in
if(top != window) { top.location = window.location }
So here are some links for me to dig deeper when I encounter framing issues again:
- [WayBack] asp.net – How Can I Bypass the X-Frame-Options: SAMEORIGIN HTTP Header? – Stack Overflow
- Result: [WayBack] Loading page with X-Frame-Options in an iframe using YQL – JSFiddle
- [WayBack] Loading page with X-Frame-Options in an iframe using YQL – JSFiddle Test your JavaScript, CSS, HTML or CoffeeScript online with JSFiddle code editor.
[WayBack] Headers to block iframe loading
- [WayBack] Play safely in sandboxed IFrames – HTML5 Rocks
- [WayBack] HTML for embed another page by iframe, without border · GitHub
- [Archive.is] All your websites are belong to us (with a reverse proxy) — oncletom.io
- [WayBack] rewrite – Is it possible to replace content on every page passed through a proxy similar to how mod_rewrite is used for URLs? – Server Fault
- [Archive.is] mod_substitute – Apache HTTP Server Version 2.4
- [Archive.is] mod_substitute – Apache HTTP Server Version 2.5
- [WayBack] How to Use Apache to Replace Strings in Responses – ServerPilot
- [WayBack] How to Inject html in outgoing responses using Apache Substitute module
- [WayBack] mod_substitute is cool. But, be careful with mod_proxy
- [Archive.is] Better SSL with mod_substitute – Mostly Harmless
My basic idea for a workaround is to go through a proxy.
It looks like others had this idea too, so some links future reading via cors proxy – Google Search:
- [WayBack] GitHub – afeld/jsonp: A proxy to help with cross-domain requests
- [WayBack] GitHub – Rob–W/cors-anywhere: CORS Anywhere is a NodeJS reverse proxy which adds CORS headers to the proxied request.
- [WayBack] Demo of CORS Anywhere
- [WayBack] cors.io by Dean Pierce 🌎 (@deanpierce) | Twitter
- [WayBack] x-frame-bypass/x-frame-bypass.js at master · niutech/x-frame-bypass · GitHub
- [WayBack] X-Frame-Bypass Web Component Demo
–jeroen
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <meta name="viewport" content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;"> | |
| </head> | |
| <body style="margin:0px;padding:0px;overflow:hidden"> | |
| <iframe src="__URL_HERE__" frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="100%" width="100%"></iframe> | |
| </body> | |
| </html> |
The Wiert Corner - irregular stream of stuff 
Leave a Reply