iframe 拒绝显示 [英] iframe refuses to display

问题描述

我正在尝试将一个简单的 iframe 加载到我的一个网页中，但它没有显示.我在 Chrome 中收到此错误:

I am trying to load a simple iframe into one of my web pages but it is not displaying. I am getting this error in Chrome:

Refused to display 'https://cw.na1.hgncloud.com/crossmatch/index.do' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' https://cw.na1.hgncloud.com".


Invalid 'X-Frame-Options' header encountered when loading 'https://cw.na1.hgncloud.com/crossmatch/index.do': 'ALLOW-FROM https://cw.na1.hgncloud.com' is not a recognized directive. The header will be ignored.

这是我的 iframe 的代码:

This is the code for my iframe:

<p><iframe src="https://cw.na1.hgncloud.com/crossmatch/" width="680" height="500" frameborder="0"></iframe></p>

我不太确定这意味着什么.我之前加载了很多 iframe，但从未收到过这样的错误.

I am not really sure what that means. I have loaded plenty iframes before and never received such errors.

有什么想法吗?

推荐答案

这意味着 cw.na1.hgncloud.com 的 http 服务器发送一些 http 标头来告诉像 Chrome 这样的网络浏览器允许仅从页面加载该页面 (https://cw.na1.hgncloud.com/crossmatch/) 的 iframe托管在同一域 (cw.na1.hgncloud.com) 上:

It means that the http server at cw.na1.hgncloud.com send some http headers to tell web browsers like Chrome to allow iframe loading of that page (https://cw.na1.hgncloud.com/crossmatch/) only from a page hosted on the same domain (cw.na1.hgncloud.com) :

Content-Security-Policy: frame-ancestors 'self' https://cw.na1.hgncloud.com
X-Frame-Options: ALLOW-FROM https://cw.na1.hgncloud.com

你应该阅读:

• https://developer.mozilla.org/en-US/docs/Web/Security/CSP
• https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy

这篇关于iframe 拒绝显示的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！