iframe拒绝显示 [英] iframe refuses to display

问题描述

我试图将一个简单的iframe加载到我的一个网页中，但它不显示。我在Chrome中遇到这个错误：

 拒绝显示'https://cw.na1.hgncloud.com/crossmatch/ index.do'，因为祖先违反了以下内容安全策略指令：frame-ancestors'self'https://cw.na1.hgncloud.com。 
 
 
加载'https://cw.na1.hgncloud.com/crossmatch/index.do'时遇到'X-Frame-Options'标题无效：'ALLOW-FROM https： //cw.na1.hgncloud.com'不是公认的指令。标题将被忽略。 
  

这是我的iframe的代码：

 < p>< iframe src =https://cw.na1.hgncloud.com/crossmatch/width =680height =500frameborder =0 >< / iframe中>< / p为H. 
  

我不确定这意味着什么。我已经加载了大量iframe，并且从未收到过这样的错误。

有什么想法？

谢谢

解决方案

这意味着http服务器在 cw.na1.hgncloud.com 发送一些http头文件告诉Chrome浏览器等浏览器允许加载该页面的iframe（ https://cw.na1.hgncloud.com/crossmatch / ）只能从同一个域名（cw.na1.hgncloud.com）托管的页面：

 内容-Security-Policy：frame-ancestors'self'https://cw.na1.hgncloud.com 
 X-Frame-Options：ALLOW-FROM https://cw.na1.hgncloud.com 
  

您应该阅读：

• https://developer.mozilla.org/en-US/docs/Web/Security/ CSP


• https：// developer.mozil la.org/en-US/docs/Web/Security/Same-origin_policy

I am trying to load a simple iframe into one of my web pages but it is not displaying. I am getting this error in Chrome:

Refused to display 'https://cw.na1.hgncloud.com/crossmatch/index.do' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' https://cw.na1.hgncloud.com".


Invalid 'X-Frame-Options' header encountered when loading 'https://cw.na1.hgncloud.com/crossmatch/index.do': 'ALLOW-FROM https://cw.na1.hgncloud.com' is not a recognized directive. The header will be ignored.

This is the code for my iframe:

<p><iframe src="https://cw.na1.hgncloud.com/crossmatch/" width="680" height="500" frameborder="0"></iframe></p>

I am not really sure what that means. I have loaded plenty iframes before and never received such errors.

Any ideas?

Thanks

解决方案

It means that the http server at cw.na1.hgncloud.com send some http headers to tell web browsers like Chrome to allow iframe loading of that page (https://cw.na1.hgncloud.com/crossmatch/) only from a page hosted on the same domain (cw.na1.hgncloud.com) :

Content-Security-Policy: frame-ancestors 'self' https://cw.na1.hgncloud.com
X-Frame-Options: ALLOW-FROM https://cw.na1.hgncloud.com

You should read that :

• https://developer.mozilla.org/en-US/docs/Web/Security/CSP
• https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy

这篇关于iframe拒绝显示的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！