skip to Main Content

An iframe error page that means another website, embedded in the iframe, refused to connect.

This is an example of an error page that you would find in an iframe. I believe that the web browser embeds these pages into iframes that have content that refuses to load due to the same-origin policy that prevents certain websites such as microsoft.com from loading into an iframe. But, that still doesn’t stop me from asking the community, "How can I detect if a website within an iframe has the same-origin policy?"

When Googling this exact phrase, you can’t really find any duplicates of my question. Is there any basic way to detect weather or not the website in the iframe has the same-origin policy that prevents it from displaying in an iframe?

(P.S., the websites that would have that policy would not be websites owned by me, or on the same domain as my website.)

2

Answers


  1. Based on MDN Same-origin Policy, the website named http://store.company.com/dir/page.html will be:

    1. Same-origin if the iframe http://store.company.com/dir2/other.html
    2. Same-origin if the iframe http://store.company.com/dir/inner/another.html
    3. not Same-origin if the iframe https://store.company.com/page.html –> Different Protocol
    4. not Same-origin if the iframe http://store.company.com:81/dir/page.html –> Different Port
    5. not Same-origin if the iframe http://news.company.com/dir/page.html –> Different Host

    To disable the Same-origin policy, you can try to put the header

    Access-Control-Allow-Origin: *
    

    in the server side.

    Login or Signup to reply.
  2. You can use Window.postMessage() and please refer to this page for more help

    https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search