how to resolve iframe cross domain issue

144,647

Solution 1

You need control over the domain you want to embed to remove/amend its CORS policy.
If the domain has explicitly blocked Cross-Origin requests, there's nothing you can do about it.

This is used to avoid anyone hijacking any site you want (you could have a full screen Google in an iframe running with your ads on top on bettergoogle.com, things like that).

This page will give you more insights on Cross-Origin

Solution 2

If you have the permission of the owner of the domain in the iframe, you can ask them to add your domain to their cross-origin policies so you can do this.

If you don't have permission to show their content on your site, I'm happy to say that modern browsers do not support such unethical behaviour, and there is no way of doing what you are trying to do.
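Browsers refuse to render a framed page when its response carries an `X-Frame-Options` header or a `Content-Security-Policy` `frame-ancestors` directive that excludes the embedding site, and that response header is what the owner of the embedded site changes to allow-list an embedder. The following is an added example, not part of the original answers, that models that decision for one response; the hostnames `mysite.example` and `widgets.example` and the function names are assumptions made for illustration.

```javascript
// Added example. Simplified model (assumptions): one CSP policy, a single
// top-level embedder, ports and paths in host sources are ignored.
function frameAncestors(csp) {
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null; // directive absent
}

function sourceMatches(source, embedder, target) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "*") return true;
  if (s === "'self'") return embedder.origin === target.origin;
  if (s.endsWith(":")) return embedder.protocol === s; // scheme source, e.g. https:
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)/.exec(s);
  if (!m) return false;
  // Assumption: a host source without a scheme takes the framed page's scheme.
  const scheme = m[1] ? m[1] + ":" : target.protocol;
  if (embedder.protocol !== scheme) return false;
  return m[2] ? embedder.hostname.endsWith("." + m[3]) // *.host: subdomains only
              : embedder.hostname === m[3];
}

function framingDecision(headers, embedderUrl, targetUrl) {
  const embedder = new URL(embedderUrl), target = new URL(targetUrl);
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const sources = frameAncestors(h["content-security-policy"]);
  if (sources !== null) { // frame-ancestors present: X-Frame-Options is ignored
    const allowed = sources.some((s) => sourceMatches(s, embedder, target));
    return { allowed, rule: "frame-ancestors " + sources.join(" ") };
  }
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return { allowed: false, rule: "X-Frame-Options: DENY" };
  if (xfo === "SAMEORIGIN")
    return { allowed: embedder.origin === target.origin, rule: "X-Frame-Options: SAMEORIGIN" };
  return { allowed: true, rule: "none" }; // nothing enforceable was sent
}

// Constructed sample: the framed site allow-lists one embedder via CSP.
const sample = { "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self' https://mysite.example",
                 "X-Frame-Options": "DENY" };
console.log(framingDecision(sample, "https://mysite.example/", "https://widgets.example/"));
console.log(framingDecision(sample, "https://other.example/", "https://widgets.example/"));
```
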


Author: user7159879

Updated on July 09, 2022

Comments

  • user7159879
    user7159879 almost 2 years

    I'm making a web page that has to show another domain's web page.

    For example, in my web html, there are two <div> tags.

    Like :

    <html>
    <head></head>
    <body>
       <div>
          <p> hello world </p>
       </div>
       <div>
          <!-- other domain's web page comes here -->
       </div> 
    </body>
    </html>
    

    To resolve my issue, I should use <iframe>, <embed> or <object> tags, but this causes the cross domain problem. So, I can't use it to show other domain's web page. They don't allow me to use it.

    So, for example :

    <iframe src="http://stackoverflow.com"></iframe>
    

    It doesn't work. My web page can't show stackoverflow.com, because stackoverflow denies this.

    I have searched lots of things with these issues. But they are just ajax or JSONP. It was not iframe.

    Are there solutions to resolve my problem?? Or is it impossible to implement this?

    • madalinivascu
      madalinivascu over 7 years
      have you considered using screenshots of the pages instead of iframes?
    • xShirase
      xShirase over 7 years
      also, iframes should be killed with fire. it's suboptimal in most cases.
    • madalinivascu
      madalinivascu over 7 years
      @xShirase I 120% agree with you :))
    • user7159879
      user7159879 over 7 years
      @madalin is there a JavaScript plugin or solution to get a web page screenshot and show it immediately on my web page from a given URL?
    • madalinivascu
      madalinivascu over 7 years
      use a server-side library, do them manually
    • olleicua
      olleicua over 5 years
      @xShirase iframes are not the issue. iframes are the scapegoat. the issue is just really complex. HTTP was insecure in a specific way that prevented a certain use-case of the web and CORS fixes that in a way that happened to make iframes really complicated. iframes are a valuable user interface tool.
  • Marius
    Marius almost 4 years
    Ok, we have control over the domain to be embedded. How to specify CORS policy for it to work?
  • Marius
    Marius almost 4 years
    useful to mention: Unless specifically restricted, by default iframe embedding 3rd party sites works.
  • Steven Schkolne
    Steven Schkolne over 2 years
    "CORS does not apply when attempting to programmatically access content from a cross-origin iframe. If you want to access content from an iframe on a different domain, you will need to make use of the Web Messaging API" -- stackoverflow.com/a/22413275/2603297
  • myworldbox
    myworldbox about 2 years
    your answer is useless lol