This is an example of an error page that you would find in an iframe. I believe that the web browser embeds these pages into iframes that have content that refuses to load due to the same-origin policy that prevents certain websites such as microsoft.com from loading into an iframe. But, that still doesn’t stop me from asking the community, "How can I detect if a website within an iframe has the same-origin policy?"
When Googling this exact phrase, you can’t really find any duplicates of my question. Is there any basic way to detect weather or not the website in the iframe has the same-origin policy that prevents it from displaying in an iframe?
(P.S., the websites that would have that policy would not be websites owned by me, or on the same domain as my website.)
2
Answers
Based on MDN Same-origin Policy, the website named
http://store.company.com/dir/page.html
will be:Same-origin
if the iframehttp://store.company.com/dir2/other.html
Same-origin
if the iframehttp://store.company.com/dir/inner/another.html
Same-origin
if the iframehttps://store.company.com/page.html
–> Different ProtocolSame-origin
if the iframehttp://store.company.com:81/dir/page.html
–> Different PortSame-origin
if the iframehttp://news.company.com/dir/page.html
–> Different HostTo disable the Same-origin policy, you can try to put the header
in the server side.
You can use
Window.postMessage()
and please refer to this page for more help