Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
507 views
in Technique[技术] by (71.8m points)

php - Why Iframe dosen't work for yahoo.com

I find this doesn't work:

<iframe src="http://www.yahoo.com"> </iframe>

I have read this question, but I don't understand what they mean by add:

<?php
header('X-Frame-Options: GOFORIT'); 
?>

I tried to add this to the top of my html file(change it to php file, of course), and my php file became:

<?php
header('X-Frame-Options: GOFORIT'); 
?>
<iframe src="http://www.yahoo.com"> </iframe>

I run it in my appserv(with php 5.2.6), and it doesn't work. Could anybody explain what should I do exactly to overcome this?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

You're out of luck: yahoo.com doesn't allow you to embed their site in an iframe. Nor does facebook or other popular sites.

The reason for this restriction is clickjacking.

You can verify this by checking the response headers from their site; they specify X-Frame-Options:SAMEORIGIN which means only yahoo.com can embed yahoo.com pages.

Some older browsers won't enforce the header but all new ones will. Afaik, there's no simple way around it.

The only solution I can think of is implementing a proxy script, i.e. you embed a script that lives on your server that fetches the remote content for you.

Eg. your iframe calls "/my-proxy.php?url=http://www.yahoo.com/" and that script would look like:

<?php

header('X-Frame-Options: SAMEORIGIN'); // don't allow other sites to use my proxy
echo file_get_contents($_GET['url']);

Your mileage may vary...


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

1.4m articles

1.4m replys

5 comments

57.0k users

...