Why Iframe doesn't work for yahoo.com

I find this doesn't work:

<iframe src="http://www.yahoo.com"> </iframe>

I have read this question, but I don't understand what they mean by add:

<?php
header('X-Frame-Options: GOFORIT'); 
?>

I tried to add this to the top of my HTML file (changing it to a PHP file, of course), and my PHP file became:

<?php
header('X-Frame-Options: GOFORIT'); 
?>
<iframe src="http://www.yahoo.com"> </iframe>

I run it in my AppServ (with PHP 5.2.6), and it doesn't work. Could anybody explain what exactly I should do to overcome this?

Solution

You're out of luck: yahoo.com doesn't allow you to embed their site in an iframe. Nor do Facebook or other popular sites.

The reason for this restriction is clickjacking.

You can verify this by checking the response headers from their site; they specify X-Frame-Options: SAMEORIGIN which means only yahoo.com can embed yahoo.com pages.

Some older browsers won't enforce the header but all new ones will. AFAIK, there's no simple way around it.

The only solution I can think of is implementing a proxy script, i.e. you embed a script that lives on your server that fetches the remote content for you.

E.g. your iframe calls "/my-proxy.php?url=http://www.yahoo.com/" and that script would look like:

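<?php

header('X-Frame-Options: SAMEORIGIN'); // don't allow other sites to use my proxy
$url = isset($_GET['url']) ? $_GET['url'] : '';
// Only fetch http(s) URLs: an unchecked value would also read local files and php:// streams.
if (!preg_match('#^https?://#i', $url)) { header('HTTP/1.1 400 Bad Request'); exit; }
echo file_get_contents($url);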

Your mileage may vary...
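
The header check described in the answer, as an added JavaScript example that is not part of the original answer: it models how a browser applies X-Frame-Options to the framed response, which is why a header sent by the embedding page is never an input. It follows the HTML Standard's processing rules, does not evaluate CSP frame-ancestors, and the function name, origins and header values are assumptions made for illustration.

```javascript
// Added example, not from the original answer. Header values below are constructed.
// Models how a browser applies X-Frame-Options to the *framed* response.
// ancestorOrigins: origin of every page above the frame, nearest parent first.
function xfoAllowsFraming(framedUrl, ancestorOrigins, responseHeaders) {
  // Header names are case-insensitive; repeated headers arrive comma-joined.
  let raw = '';
  for (const [name, value] of Object.entries(responseHeaders)) {
    if (name.toLowerCase() === 'x-frame-options') raw = String(value);
  }
  const values = new Set(
    raw.split(',').map(v => v.trim().toLowerCase()).filter(v => v !== '')
  );
  if (values.size === 0) return { allowed: true, reason: 'no X-Frame-Options header' };
  if (values.size > 1) {
    // Several different values: block if any is a recognized one, else ignore all.
    const recognized = ['deny', 'sameorigin', 'allowall'].some(k => values.has(k));
    return recognized
      ? { allowed: false, reason: 'conflicting values' }
      : { allowed: true, reason: 'only unrecognized values, ignored' };
  }
  const [value] = values;
  if (value === 'deny') return { allowed: false, reason: 'DENY' };
  if (value === 'sameorigin') {
    const target = new URL(framedUrl).origin;
    const foreign = ancestorOrigins.find(a => new URL(a).origin !== target);
    return foreign
      ? { allowed: false, reason: `SAMEORIGIN: ancestor ${foreign} is not ${target}` }
      : { allowed: true, reason: 'SAMEORIGIN and every ancestor matches' };
  }
  // Anything else (GOFORIT, the obsolete ALLOW-FROM, ...) is ignored by current browsers.
  return { allowed: true, reason: `unrecognized value "${value}" is ignored` };
}

// Constructed cases: [framed URL, ancestor origins, headers of the framed response]
const cases = [
  ['http://www.yahoo.com/', ['http://localhost'], { 'X-Frame-Options': 'SAMEORIGIN' }],
  ['http://localhost/my-proxy.php?url=http://www.yahoo.com/', ['http://localhost'],
    { 'X-Frame-Options': 'SAMEORIGIN' }],
  ['http://localhost/my-proxy.php?url=http://www.yahoo.com/',
    ['http://localhost', 'http://other.example'], { 'x-frame-options': 'SAMEORIGIN' }],
];
for (const [url, ancestors, headers] of cases) {
  const { allowed, reason } = xfoAllowsFraming(url, ancestors, headers);
  console.log(`${allowed ? 'RENDER' : 'BLOCK '} ${url} <- ${ancestors.join(' <- ')}: ${reason}`);
}
```

The third case shows that a proxy sending SAMEORIGIN is itself blocked as soon as any page in the frame chain belongs to another origin.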
