Angular 2 iframe拒绝显示 [英] Angular 2 iframe refused to display
问题描述
我有文字输入.我的目标是当我输入url然后按回车.我想在iframe中打开网址.但是某些站点返回错误.有没有办法在iframe中打开网页
I have text input. My goal is when I enter url then hit enter. I want to open url in iframe. But some sites return an error. Is there a way to open a web page in iframe
错误消息拒绝在框架中显示"https://www.mediamarkt.com.tr/",因为它将"X-Frame-Options"设置为"sameorigin".
Error message Refused to display 'https://www.mediamarkt.com.tr/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
推荐答案
您将无法显示服务器中iframe中的https://www.mediamarkt.com.tr/禁止在其域名之外呈现网页.
You won't be able to display https://www.mediamarkt.com.tr/ in iframe as server forbids rendering the page outside of its domain name.
响应标题 X-Frame-Options
指示应该从哪个源页面进行渲染.由于设置为 sameorigin
,因此仅来自 https://www.mediamarkt.com的应用程序.tr/域被允许在iframe中显示.
Response Header X-Frame-Options
indicates from which source(s) page should be able to render. As it is set to sameorigin
only applications from https://www.mediamarkt.com.tr/ domain are allowed to display it in iframe.
这是一种安全措施,目的是防止 clickjacking
攻击,该攻击可以防止用户被欺骗单击他们不应该单击的内容.
This is security measure in order to prevent clickjacking
attack which prevents users into being tricked to click something they shouldn't have.
您可以在以下URL的X-Frame-Options标头上找到更多信息: https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Headers/X-Frame-Options
You can find more on X-Frame-Options header on the following URL: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
有关点击劫持的更多信息,请点击此处: https://owasp.org/www-community/attacks/Clickjacking
More on clickjacking can be found here: https://owasp.org/www-community/attacks/Clickjacking
这篇关于Angular 2 iframe拒绝显示的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!