iframe does not work with external websites

Asked

Viewed 8,196 times

0

I am developing a panel with several iframes, however, putting external sites as google.com is not opening anything in iframe

<html>
    <body>
        <h1>ADM</h1>
        <iframe src="http://google.com"></iframe>
    </body>
</html>

Upshot: https://educapp-davidev.c9users.io/admin/

html iframe

1 answer

3


It is because your site uses HTTPS and you are trying to inject into an HTTP site, so it causes the error:

Mixed Content: The page at 'https://educapp-davidev.c9users.io/admin/' was Loaded over HTTPS, but requested an insecure Resource 'http://google.com/'. This request has been blocked; the content must be served over HTTPS.

Maybe this using HTTPS on your site and HTTPS on iframe, maybe it works:

<html>
    <body>
        <h1>ADM</h1>
        <iframe src="https://google.com"></iframe>
    </body>
</html>

But remember there are other types of locks, such as headers Frame-Options and Content-Security-Policy what external site might be using

more details on:

Alternative

The alternative is something complex and has no guarantees, you can create a kind of proxy with CURL inside your server to access external websites.

Create a file called webproxy.php and add

<?php
set_time_limit(0);

if (empty($_GET['url']) || preg_match('#^(http|https)://[a-z0-9]#i', $_GET['url']) === 0) {
    echo 'URL inválida';
    exit;
}

$url = $_GET['url'];

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, false);

//Envia o user agente do navegador atual
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

//Pega os dados
$data = curl_exec($ch);

//Fecha o curl
curl_close($ch);

$ch = NULL;

$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);

if($data === false) {
    http_response_code(404);
    echo 'Curl error: ' . curl_error($ch);
} elseif ($httpcode !== 200) {
    http_response_code($httpcode);
} else {
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    header('Content-Type: ' . $finfo->buffer($data));
    echo $data;
}

And request in iframe by:

<iframe src="webproxy.php?url=https://google.com"></iframe>

  • I switched to HTTPS and it wasn’t

  • @Davidev even if you put HTTP google force HTTPS with redirect.

  • Is there any cool to open sites with blocking Content-Security-Policy?

  • @Davidev tries to use HTTPS on both, on the Content-Security-Policy there’s no way, if it wouldn’t be a security breach.

  • It’s because I’m actually trying to open the Pagseguro... Quieter, thanks buddy!

  • @Davidev better open pagseguro the way indicated in their API.

  • I want to put several iframes next to each other, one of the pag, the other with other things tended

  • 1

    @Davidev understand I understood yes, the problem is that you are wanting to "decorate" things maybe without need, the best is to use as per their documentation (pagseguro) reported, outside that a lot of iframes is more a hassle for the user than facilitator. ;)

Show 3 more comments

Browser other questions tagged html iframe

You are not signed in. Login or sign up in order to post.