Browser won't let iframe do redirection?
Google Chrome 23 and Firefox 18 are fooling me. I have a page where I have an iframe. When the button is clicked I want the iframe to openhttp://images.google.com
The problem is that the iframe will try to visit http://images.google.com , but once it receives the redirect instruction (which http://images.google.com issues) it stops and the page won't render. Why is this? Any solution?
Here's a snippet that demonstrates this problem:
<iframe id="panel" style="height: 800px; width: 100%" sandbox="allow-scripts" src="http://images.google.com">
</iframe>
source to share
This is a browser security issue called click prevention , part of which is to check the HTTP response header, X-Frame-Options . This header can be DENY
, SAMEORIGIN
or ALLOW-FROM
origin, which will prevent framing, prevent framing by external sites, or allow framing only by the specified site, respectively.
Simply put, when this http header exists, it prevents the site from rendering to <frame>
or <iframe>
. Since 2009, this HTTP header has been implemented in most browsers including IE8 +, Safari, Firefox, Chrome, and Opera.
Here the headers from images.google.com
, SAMEORIGIN
mean that the address can only be displayed inside the iframe when viewed throughgoogle.com
source to share