X-Frame-Options & iframe & CORS
https://github.com/xgqfrms/FEIQA/issues/23
X-Frame-Options
iframe & CORS
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
bug
Uncaught DOMException: Blocked a frame with origin "null" from accessing a cross-origin frame.
sandbox
iframe & mdn
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe
const showDOM = (url = ``) => {
let iframeBox = $qs(`[data-img-box="empty-iframe-page-box"]`);
let no_data = `
<p data-no-data="p">
<span data-no-data="span">暂无数据</span>
</p>
`;
try {
if (url) {
let iframe = document.createElement(`iframe`);
iframe.src = url;
// sandbox
// srcdoc
iframe.style.height = `100%`;
iframe.style.width = `100%`;
iframe.style.minHeight = `300px`;
iframe.style.minWidth = `500px`;
iframe.setAttribute(`sandbox`, `allow-scripts`);
iframe.setAttribute(`sandbox`, `allow-scripts`);
iframe.setAttribute(`data-iframe`, `empty-iframe-page`);
iframe.setAttribute(`name`, `页面空模块`);
if (iframeBox) {
iframeBox.innerHTML = "";
iframeBox.insertAdjacentElement(`beforeend`, iframe);
}
}
} catch (err) {
// no data
iframeBox.innerHTML = "";
iframeBox.insertAdjacentHTML(`beforeend`, no_data);
throw new Error(`fetch image error`, err);
}
};
https://community.tableau.com/thread/157316
https://github.com/jeduan/cordova-plugin-facebook4/issues/323
https://stackoverflow.com/questions/6666423/overcoming-display-forbidden-by-x-frame-options#answer-7469997
https://developer.salesforce.com/forums/?id=906F00000009BRJIA2
https://blogs.msdn.microsoft.com/ie/2009/01/27/ie8-security-part-vii-clickjacking-defenses/
好像是服务器为了防止点击劫持,而设置的.
X-Frame-Options
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options#Configuring_Apache
OK
https://cn.bing.com/?intlF=&ensearch=1
x-frame-options: DENY
https://developer.mozilla.org/en-US/docs/Web/CSS/calc
iframe & HTTPS & CORS
https://iframe.xgqfrms.xyz/eapp/index.html#blog.sina.cn
©xgqfrms 2012-2020
www.cnblogs.com 发布文章使用:只允许注册用户才可以访问!