动态创建的iframe的内容为空 [英] content of dynamically created iframe is empty
问题描述
在我的本地主机上,我使用以下JavaScript来创建 iframe ,其中 src ,并将其添加到文档:
$('#preview')。html('< iframe src =http:// google。 COM />< / iframe中>');
iframe显示内容但不显示内容。在firebug中,它只是:
< iframe src =http://google.com/>
< html>
< head>< / head>
< body>< / body>
< / html>
< / iframe>
当我执行 $('iframe')。attr('src' ,'http://google.com/'); 在控制台上,浏览器加载(说等待google.com ...),然后似乎刷新iframe的内容。但是它又是空的。
然而,如果我将它设置为本地页面,则会加载内容。
<这是因为相同的原产地政策?我不知道这件事。我做了一些谷歌搜索,我很困惑,因为有些网站说可以包含一个带有不属于你自己的域的src的iframe,有人说这是不可能的。
顺便说一句,因为我还在localhost上测试,如果我将它上传到某个服务器的某个地方,是否可以工作? (但是iframe的src仍然会在不同的域中)
帮助?
拒绝显示文档,因为显示被X-Frame-Options禁止。
所以,这不是你的错误,而是对的一部分。
X-Frame-Options 的两个选项是:
-
deny- 在框架内不渲染,并且
-
sameorigin- 如果原产地不符合,则不会呈现
参考文献:
-
X-Frame-Options响应标题,位于MDN 。 -
X-Frame-Optionsat Wikipedia 。 Overcoming由X-Frame-Options禁止显示(这里是堆栈溢出)。 li>
On my localhost, I am using the following JavaScript to create an iframe with src, and add it to the document:
$('#preview').html('<iframe src="http://google.com/"></iframe>');
The iframe shows but not the content. In firebug, it's just:
<iframe src="http://google.com/">
<html>
<head></head>
<body></body>
</html>
</iframe>
When I execute $('iframe').attr('src','http://google.com/'); on the console, the browser loads (says "Waiting for google.com..."), then seems to refresh the content of the iframe. But again, it's empty.
If I set it to a local page, though, the content is loaded.
Is this because of the same origin policy? I'm not so informed about it. I did some googling and I'm confused because some sites say that it's okay to include an iframe with src that doesn't belong to your own domain, and some say it's not possible.
By the way, since I'm still testing on localhost, would this work if I uploaded this to a server somewhere? (but src of iframe will still be in a different domain)
Help?
If you'd checked your browser's error console, you'd have seen this message:
Refused to display document because display forbidden by X-Frame-Options.
So, this isn't an error on your part, but a deliberate action on the part of Google.
The two options for the X-Frame-Options are:
deny- no rendering within a frame, andsameorigin- no rendering if origin mismatch
References:
X-Frame-Optionsresponse headers, at MDN.X-Frame-Optionsat Wikipedia.- Overcoming "Display forbidden by X-Frame-Options" (here on Stack Overflow).
这篇关于动态创建的iframe的内容为空的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
