locked
IFrame showing blank/empty content in IE and Firefox with 'sameorigin' console error -- RRS feed

  • Question

  • User-215451226 posted

    Apologize in advance if the question appears slightly basic in nature. But I can't get this to behave in the fashion I desire. Hence the post.
    I have a MVC5 web application. In one of the views of this application, I want to embed and show another webpage from the internet inside an iFrame; the page that I want to load is -

    https://www.sellcodes.com/pro_indigo

    I hope the picture is clear to you.

    The iFrame HTML code --

    <div class="row mb-5">
                        <iframe src="https://www.sellcodes.com/pro_indigo" style="width: 750px; height: 450px;">
                        </iframe>
                    </div>

    Pretty usual stuff.
    But when I run it, that sellcodes page does not show up in my iFrame. It is empty. Blank. For reference see the image --> [ https://imagebin.ca/v/5B4tCphd7HDK ]. It is simply blank. I cross checked with IE also, just to be sure if that's a browser issue. But it is blank there too.

    What's the grief? What did I miss please?

     I added this in my web.config; after seeing console error of 'sameorigin'.

    <httpProtocol>
        <customHeaders>
          <add name="X-Frame-Options" value="sameorigin" />
        </customHeaders>
      </httpProtocol>

    Still doesn't do it. No improvement. What else needs to be done? A quick precise solution anyone?

    Thx

    Tuesday, February 4, 2020 7:05 AM

Answers

  • User665608656 posted

    Hi PGChoudhury,

    By testing your code, I reproduced this problem.

    Obviously, the website of IFrame request sets the response header to SAMEORIGIN, which means that they are not allowed to load the resource in IFrame outside its domain.

    On the request side, you cannot prevent this behavior.

    For more details, you can refer to:

    X-Frame-Options

    Best Regards,

    YongQing.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, February 5, 2020 5:08 AM

All replies

  • User665608656 posted

    Hi PGChoudhury,

    By testing your code, I reproduced this problem.

    Obviously, the website of IFrame request sets the response header to SAMEORIGIN, which means that they are not allowed to load the resource in IFrame outside its domain.

    On the request side, you cannot prevent this behavior.

    For more details, you can refer to:

    X-Frame-Options

    Best Regards,

    YongQing.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, February 5, 2020 5:08 AM
  • User-215451226 posted

    Hi @YongqingYu --

    Thanks for reply,

    So in essence - the page https://www.sellcodes.com/pro_indigo cannot be loaded any whichever way on an MVC view of my project?
    Or,
    Maybe not inside an iFrame, but is there any other possible way? By any other trick/technique, possibly?

    Your thoughts,

    Wednesday, February 5, 2020 7:09 AM
  • User409696431 posted

    If that site does not want other sites to publish its information inside those other sites, please respect their wishes.  If you want their content, ask them for permission and see where that goes.

    Wednesday, February 5, 2020 8:22 PM
  • User-215451226 posted

    Hi @KathyW

    yep, makes sense. I'll have a speak with their tech team and ask if it is possible some way.

    Generally speaking this was so common place earlier, say 10-11 years ago. People used to embed/iframe all the time other site pages inside their own.

    Thursday, February 6, 2020 6:37 AM
  • User409696431 posted

    "People used to embed/iframe all the time other site pages inside their own."

    Ah, but it should not have been common.  It is publishing someone else's copywrited information on your own site, with no permission.  That's why the "don't do it" cross origin header was developed.

    Thursday, February 6, 2020 7:40 AM
  • User-215451226 posted

    The information is not someone else's, The information is mine. My page and my profile on that site, just like you have your page on facebook or myspace. If you cared to follow the thread from the beginning.
    The only thing correct about your comment is that the domain/site is theirs.

    There is a difference. Anyway, thanks for your speaking, I'm trying a few solutions of my own.

    Friday, February 7, 2020 7:28 AM
  • User409696431 posted

    If that site is yours, then you could change the headers that block cross-site iframe.  If the information is yours, not the site, why not simply put your information in your site directly, not by iframing another site?

    Friday, February 7, 2020 4:46 PM