谷歌主页不会加载iframe [英] google homepage will not load in an iframe

问题描述

真的无法理解为什么雅虎iframe会起作用但谷歌没有：

Really cannot understand why yahoo iframe works but the google one does not:

<!DOCTYPE html><html><body>
<iframe frameborder="0" src="http://www.yahoo.com"></iframe>
<iframe frameborder="0" src="http://www.google.com"></iframe>
</body></html>

任何想法？

推荐答案

来自 http://msdn.microsoft .com / zh-CN / library / cc288472（v = vs.85）.aspx #search

Clickjacking Defense：一些黑客试图欺骗用户点击似乎执行安全或无害功能的按钮，而是执行不相关的任务。 Clickjackers使用透明框架嵌入恶意代码或纠正用户界面，这些框架覆盖了具有误导性文本和图像的特定UI元素。为了帮助防止点击劫持，网站所有者可以发送带有HTML页面的名为X-Frame-Options的HTTP响应标头来限制页面的框架。

Clickjacking Defense: Some hackers try to trick users into clicking buttons that appear to perform safe or harmless functions, but instead perform unrelated tasks. Clickjackers embed malicious code or "redress" the user interface by using transparent frames that overlay specific UI elements with misleading text and images. To help prevent clickjacking, Web site owners can send an HTTP response header named X-Frame-Options with HTML pages to restrict how the page may be framed.

X-Frame-Options: Deny

如果X-Frame-Options值如果包含令牌Deny，则Internet Explorer 8会阻止页面在帧中包含时呈现。如果值包含令牌SameOrigin，则如果顶级浏览上下文与包含该指令的页面的原点不同，则Internet Explorer将不呈现该页面。被阻止的页面将替换为此内容无法在框架中显示错误页面。

If the X-Frame-Options value contains the token Deny, Internet Explorer 8 prevents the page from rendering if it is contained within a frame. If the value contains the token SameOrigin, Internet Explorer will not render the page if the top level-browsing-context differs from the origin of the page containing the directive. Blocked pages are replaced with a "This content cannot be displayed in a frame" error page.

这篇关于谷歌主页不会加载iframe的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！