I am deploying an <iframe> on a page on Site A as a quick and simple way to display a fragment from a complex page elsewhere on Site A:
<iframe src="http://site-a.com/complex-page/"></iframe>
Nothing displays in the <iframe> on Site A.
Troubleshooting:
- I checked
http://site-a.com/complex-page/in the browser and the page displays normally. - I tested the
<iframe>by usinghttp://site-b.com/complex-page/as the source and the<iframe>displays the external page on (external) Site B, as expected. - I tested the
<iframe>by usinghttp://site-a.com/complex-page-2/as the source and, once again, nothing displays in the<iframe>.
So... this is clearly something to do with Site A, if the <iframe> on Site A is not displaying any of several pages on Site A, but it is showing any of several pages on Site B.
This clearly isn't a same-origin issue - Site A is the same origin as Site A.
So what is preventing the displaying of the external page on Site A?
Additionally:
If I Right Click > This Frame > View Frame Source then I can see the HTML Source of the document loaded by the <iframe>... but whatever content or styles I add to the document, nothing displays.
That suggests the <iframe> is successfully accessing the page but then (for some reason) failing to display it.
Supporting information: The site is built with PHP server-side and with HTML5, CSS3 and Javascript client-side.
This problem was a little easier to solve, once I had understood that what I was facing was an
X-Frame-Optionsissue.Apparently
X-Frame-Optionscan have three values:DENYSAMEORIGINALLOW-FROM[URI]X-Frame-Optionscan be set in an.htaccessfile using any of the three values above.In this case I needed to add the following lines to my
.htaccessfile:Thanks to this page:
[Iframe] X-Frame-Options : website does not permit framing
http://techdc.blogspot.co.uk/2015/04/iframe-x-frame-options-website-does-not.html