How to open other web sites inside angular application

html angular iframe x-frame-options

18,031

Solution 1

'X-Frame-Options' are enforced by the owners/servers so that people cannot use their site as a in other sites using Iframe .

Think like a situation : if you launch google in iframe in your whole page , then you can use your url to serve google, you can do many more crazy things also .

There are some chorme/FF extension you can use it to bypass. But you cannot expect that your all users will be using that.

https://chrome.google.com/webstore/detail/ignore-x-frame-headers/gleekbfjekiniecknbkamfmkohkpodhe

Solution 2

basically the headers for a website are set in web server, if the headers 'X-Frame-Options' on files are set as sameorigin, you cannot load the site from any other origin.

'X-Frame-Options' is the header set to basically not allow anyone to load your website inside another website.

only thing you can do is, open the site in a new tab / window, or you can just redirect inside same app.

18,031

Vignesh Ammasi

I am also a programmer just like you

Updated on July 18, 2022

Comments

Vignesh Ammasi almost 2 years
I am trying to load the other website where I will have a list of websites. If I click on the website link it has to open the website inside my angular application. Is there any option available in angular or anywhere that I can use to load the site where they restrict to load the sites

I have tried with HTML tag elements iframe, embed, object and jquery load functions to load the site. Some of the websites are opening and some sites restrict to open on other applications
```
<html>
<body>
<iframe src="https://stackoverflow.com" height="100%" width="100%"></iframe>
</body>
</html>
```
In angular
```
  <div >
    <iframe id="companyFrame" [src]="sourceURL | safe" class="frame"> 
    </iframe>
  </div>

  @Pipe({ name: "safe" })
  export class SafePipe implements PipeTransform {
  constructor(private sanitizer: DomSanitizer) {}
  transform(url) {
    return this.sanitizer.bypassSecurityTrustResourceUrl(url);
   }
  }
```
For example, I expect to load StackOverflow home page site but I got an error like Refused to display 'https://stackoverflow.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'. It is browser default options to restrict load the page in iframe if the site owner does not want to allow it. So I want alternative options instead of iframe
Vignesh Ammasi almost 5 years

I have tried that too by creating safe pipe module with sanitizing bypassSecurityTrustResourceUrl but it did not work as well
Vignesh Ammasi almost 5 years

object and embed tags also not providing a solution
Vignesh Ammasi almost 5 years

It will help to solve the problem or at least from development perspective
Vignesh Ammasi almost 5 years

window.open will open a new tab in the browser. But I want to add the page content in one of html element in my application
Pranoy Sarkar almost 5 years

if you have ownersip or connection with the site the, then you can easily disable this restriction. If it resolves your issue , please mark it as accepted :)
Shubham almost 5 years

then used <iframe src="https://stackoverflow.com" height="100%" width="100%" target="_self"></iframe>
Lenzman almost 3 years

To know how to create a pipe using DOM sanitizer follow this