使用没有工作阶段或Cookie资料的iFrame（无痕式） [英] Use an iFrame without session or cookie data (incognito)

问题描述

如果在HTML文档中使用 iFrame 元素，则子页面将加载来自浏览器的所有会话和Cookie数据。

例如：

 <！DOCTYPE html& 
< html lang =en> 
< head> 
< meta charset =utf-8> 
< title> iFrame中的堆栈溢出< / title> 
< / head> 
< body> 
< h1> iFrame中的堆栈溢出< / h1> 
< iframe src =http://stackoverflow.comwidth =640height =480/> 
< / body> 
< / html> 
  

暂时忽略SO实际上不允许在iFrame中加载。如果是这样，iFrame加载的SO页将显示您已登录。

如何在没有任何Cookie或会话数据的情况下使用iFrame？ / strong>（如Chrome中的隐身模式）

为什么？

公司销售一个产品（网络应用程序）为人们建立自定义网站。当他们通过身份验证，并访问他们的网站时，我们向他们显示用户界面的授权版本，以便他们可以编辑内容。未授权的用户只能看到静态网站。使用多个浏览器或清除Cookie不是我们用户的合理期望，因此我们希望在iFrame中向他们展示其网站的预览，以便他们可以看到他们的访问者会看到什么。我们还希望使用较小的分辨率iFrames展示网站的移动预览，以便他们可以看到访问者在电话上访问网站时会看到的内容。这些iFrame需要在无法访问浏览器的Cookie或会话数据的情况下加载，这样就像Chrome在无痕模式下一样，这些iFrame会以未授权模式加载。

我还没有尝试过，因为我不知道从哪里开始。我确实发现 HTML5添加了一些 sandbox 属性值到 iFrame 元素，但是它们都不能帮助解决这个问题。

注意：我们的目标只是使用有效的HTML5

<如果你完全控制webstack不会更容易添加一个预览参数，将用户视为未经验证？

例如：

 < iframe src =http://stackoverflow.com?preview=1 width =640height =480/> 
  

如果预览标记存在，则忽略您的授权检查。

If you use an iFrame element in an HTML document, the child page will load with all of the session and cookie data from the browser.

For example:

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <title>Stack Overflow in an iFrame</title>
  </head>
  <body>
    <h1>Stack Overflow in an iFrame</h1>
    <iframe src="http://stackoverflow.com" width="640" height="480" />
  </body>
</html>

Ignore for a moment that SO doesn't actually allow itself to be loaded in an iFrame. If it did, the SO page loaded by the iFrame would show you as signed in.

How can I use an iFrame without any cookies or session data? (like incognito mode in Chrome)

Why?

My company sells a product (web-app) for people to build customized websites with. When they are authenticated, and they visit their website, we show them the auth'ed version of the UI so that they can edit the content. Un-auth'ed users only see the static website. Using multiple browsers or clearing cookies is not a reasonable expectation of our users so we want to show a preview of their site to them in an iFrame so they can see what their visitors would see. We also want to show "mobile" previews of the site with smaller resolution iFrames so that they may see what their visitors would see if they came to the website on a phone. These iFrame(s) need to be loaded without access to the browser's cookies or session data so that they load in un-auth'ed mode, just like Chrome does in incognito mode.

I haven't tried anything yet because I don't know where to start. I did find out that HTML5 added some sandbox attribute values to the iFrame element, but none of them seem to help with this problem. Maybe something could be done with JavaScript, we do already use jQuery in our project.

Note: We aim to only use valid HTML5

解决方案

If you fully control the webstack wouldn't it be easier to add a preview parameter that treats the user as unauthenticated?

For instance:

<iframe src="http://stackoverflow.com?preview=1" width="640" height="480" />

Followed by bypassing your authorization checks if the preview flag exists.

这篇关于使用没有工作阶段或Cookie资料的iFrame（无痕式）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！