I would like to create an iFrame of my website outside the InfinityFree server, however the code:
Is this an anti-bot protection system sending me a cookie and forcing browser to resend the request? How can I avoid errors and use IFrame for my website? Please help ~
@Tesseractan said:
I would like to create an iFrame of my website outside the InfinityFree server, however the code:throws an error:
Refused to display ‘Google Account Help’ in s frame because it set ‘X-Frame-Options’ to ‘SAMEORIGIN’
Is this an anti-bot protection system sending me a cookie and forcing browser to resend the request? How can I avoid errors and use IFrame for my website? Please help ~
The website you want to make an iFrame has a .htaccess code that blocks iFrame request.
Like if you insert this code Header set X-Frame-Options DENY to your website’s .htaccess then any iFrame requests will be blocked.
So you can’t create an iFrame to a website if they don’t want iFrame request, any iFrame request will be blocked and there is no way to resolve this unless the Site Owner wants his/her website allowed to be requested on an iFrame.
Google.com is one of example of a website who doesn’t want their website to be requested on an iFrame.
Also you can use this iFrame option:
X-Frame-Options: SAMEORIGIN
SAMEORIGIN
The page can only be displayed in a frame on the same origin as the page itself. The spec leaves it up to browser vendors to decide whether this option applies to the top level, the parent, or the whole chain, although it is argued that the option is not very useful unless all ancestors are also in the same origin.
source: developer.mozilla.org
@UnknownLolz ,
Thank you for your comments however please note that src of iFrame is http://www.tesseractan.epizy.com/sl/projects/memory.php?w=8&h=6, but the error message is:
Refused to display ‘Google Account Help’ in s frame because it set ‘X-Frame-Options’ to ‘SAMEORIGIN’ so a redirect is occuring. I thing it may be anti-bot protection system. How to take IT off?
@Tesseractan said:
@UnknownLolz ,
Thank you for your comments however please note that src of iFrame is http://www.tesseractan.epizy.com/sl/projects/memory.php?w=8&h=6, but the error message is:
Refused to display ‘Google Account Help’ in s frame because it set ‘X-Frame-Options’ to ‘SAMEORIGIN’ so a redirect is occuring. I thing it may be anti-bot protection system. How to take IT off?
So what’s your website’s domain?
@Tesseractan said:
@UnknownLolz ,
Thank you for your comments however please note that src of iFrame is http://www.tesseractan.epizy.com/sl/projects/memory.php?w=8&h=6, but the error message is:
Refused to display ‘Google Account Help’ in s frame because it set ‘X-Frame-Options’ to ‘SAMEORIGIN’ so a redirect is occuring. I thing it may be anti-bot protection system. How to take IT off?
Also delete the X-Frame-Options SAMEORIGIN in your .htaccess code if there is one.
Embedding pages on InfinityFree from other domains is not possible because of this security system: Ensuring only web browsers can access your website - Docs - InfinityFree Forum
You can use iframes to embed pages on the same domain, but not other domains. So you can embed pages from example.com in other pages of example.com, but not in example.net, even if the domain is hosted on the same account.
I would like to clarify for others
any website stored on IF servers can be inserted into <iframe>
maybe the problem is if the web page (iframe code) on another server is dynamically generated through some software and in that way hit bot protection here
it also depends on the security settings of that other server/website
but I think you should look at the settings on google
because I assume this is the server where you want that iframe
@OxyDac said:
I would like to clarify for othersany website stored on IF servers can be inserted into
<iframe>maybe the problem is if the web page (iframe code) on another server is dynamically generated through some software and in that way hit bot protection here
it also depends on the security settings of that other server/websitebut I think you should look at the settings on google
because I assume this is the server where you want that iframe
That doesn’t work for me. Did you open the URLs before you tried to view them in the embedded page? If so, your browser still contains the cookie from the security system, which is why you can still view the embedded page. If you clear cookies from the embedded domain and then reload your iframe page, the boxes will be empty.
tested on FF and Edge - all cookies are deleted
@OxyDac said:
tested on FF and Edge - all cookies are deleted
I’m on Chrome, I see two white boxes and a Javascript Console error saying Turn cookies on or off - Computer - Google Account Help cannot be loaded. Which is the URL you are redirected to by the browser verification system if your browser does not accept the cookies. And cookies are not set on content loaded through an iFrame.
Please double check the cookies are really deleted for tesseractan.epizy.com, not just for free-os.t-com.hr.
btw. free-os does not use cookies
probably some new fancy protection by chrome
It’s not the same iframe and the call of some resource like javascript
from other domains (or hot-link)
iframe is simply two different pages inside of “one”
and my browser simply takes the __test cookie/s,
passes the validation and rendering two different websites into one window
if I’m wrong I apologize
@OxyDac said:
btw. free-os does not use cookies
probably some new fancy protection by chrome
It’s not the same iframe and the call of some resource like javascript
from other domains (or hot-link)
iframe is simply two different pages inside of “one”
and my browser simply takes the __test cookie/s,
passes the validation and rendering two different websites into one windowif I’m wrong I apologize
Do you have “Bock 3rd Party Cookies” enabled in your browser? I do, and if you don’t, that might explain the different behavior. I’m not sure what the default is for either Chrome and Firefox. Safari on the other hand is said to block third party cookies by default.
If I open the website manually beforehand, the test cookie is set correctly and the iframes work. But without visiting the cookie existing beforehand, the browser challenge fails.
why did I start answering on this topic
because I wanted to defend IF so that people would not think how it was forbidden/or blocked
I’m sorry if it turns out that I challenge authority here
I just said my observations
can you do me a favour?
please delete all my comments in this topic
seriously ! ( I feel guilty )
here will be soon a lot of dead links anyway (from my side)
and then edit the content of your post in a way that sounds like a statement
or talk to “Tesseractan” and not a conversion to me
it will be more readable for all users
thank you 