xgqfrms™, xgqfrms® : xgqfrms's offical website of cnblogs! xgqfrms™, xgqfrms® : xgqfrms's offical website of GitHub!

X-Frame-Options & iframe & CORS

X-Frame-Options & iframe & CORS

https://github.com/xgqfrms/FEIQA/issues/23

X-Frame-Options

iframe & CORS

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

bug

image

image

Uncaught DOMException: Blocked a frame with origin "null" from accessing a cross-origin frame.

sandbox

image

iframe & mdn

https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe



const showDOM = (url = ``) => {
    let iframeBox = $qs(`[data-img-box="empty-iframe-page-box"]`);
    let no_data = `
        <p data-no-data="p">
            <span data-no-data="span">暂无数据</span>
        </p>
    `;
    try {
        if (url) {
            let iframe = document.createElement(`iframe`);
            iframe.src = url;
            // sandbox
            // srcdoc
            iframe.style.height = `100%`;
            iframe.style.width = `100%`;
            iframe.style.minHeight = `300px`;
            iframe.style.minWidth = `500px`;
            iframe.setAttribute(`sandbox`, `allow-scripts`);
            iframe.setAttribute(`sandbox`, `allow-scripts`);
            iframe.setAttribute(`data-iframe`, `empty-iframe-page`);
            iframe.setAttribute(`name`, `页面空模块`);
            if (iframeBox) {
                iframeBox.innerHTML = "";
                iframeBox.insertAdjacentElement(`beforeend`, iframe);
            }
        }
    } catch (err) {
        // no data
        iframeBox.innerHTML = "";
        iframeBox.insertAdjacentHTML(`beforeend`, no_data);
        throw new Error(`fetch image error`, err);
    }
};

https://community.tableau.com/thread/157316

image

https://www.digitalocean.com/community/questions/blocking-iframe-because-it-set-x-frame-options-to-deny

https://stackoverflow.com/questions/20498831/refused-to-display-in-a-frame-because-it-set-x-frame-options-to-sameorigin

https://github.com/jeduan/cordova-plugin-facebook4/issues/323

https://stackoverflow.com/questions/6666423/overcoming-display-forbidden-by-x-frame-options#answer-7469997
https://developer.salesforce.com/forums/?id=906F00000009BRJIA2

https://blogs.msdn.microsoft.com/ie/2009/01/27/ie8-security-part-vii-clickjacking-defenses/

https://security.stackexchange.com/questions/67889/why-do-browsers-enforce-the-same-origin-security-policy-on-iframes

https://security.stackexchange.com/questions/167081/how-to-add-x-frame-options-header-to-a-simple-html-file

好像是服务器为了防止点击劫持,而设置的.

image

X-Frame-Options

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options#Configuring_Apache

image

OK

https://cn.bing.com/?intlF=&ensearch=1

https://cdn.xgqfrms.xyz/

image

x-frame-options: DENY

https://developer.mozilla.org/en-US/docs/Web/CSS/calc

image

iframe & HTTPS & CORS

https://iframe.xgqfrms.xyz/eapp/index.html#blog.sina.cn

©xgqfrms 2012-2020

www.cnblogs.com 发布文章使用:只允许注册用户才可以访问!

posted @   xgqfrms  阅读(141)  评论(3编辑  收藏  举报
编辑推荐:
· AI与.NET技术实操系列(二):开始使用ML.NET
· 记一次.NET内存居高不下排查解决与启示
· 探究高空视频全景AR技术的实现原理
· 理解Rust引用及其生命周期标识(上)
· 浏览器原生「磁吸」效果!Anchor Positioning 锚点定位神器解析
阅读排行:
· DeepSeek 开源周回顾「GitHub 热点速览」
· 记一次.NET内存居高不下排查解决与启示
· 物流快递公司核心技术能力-地址解析分单基础技术分享
· .NET 10首个预览版发布:重大改进与新特性概览!
· .NET10 - 预览版1新功能体验(一)
历史上的今天:
2016-08-21 CSS3 error
2016-08-21 web颜色名 速查列表,十六进制值,RGBA(),RGB() ,
2016-08-21 如何在页面中集成,富文本编辑器?
点击右上角即可分享
微信分享提示
AI FOR CODE 大赛