Identifying iframe-unfriendly sites in rails — even when x-frame-options is missing from header -


background:

i'm working on rails app open articles inside app via iframe (with navbar @ top app, kind of stumbleupon). i've noticed websites publish articles (examples: pitchfork.com, vox.com, theverge.com) prevent being loaded in iframe setting x-frame-options sameorigin or deny.

my current plan work around @ header link , examine see if contains x-frame-options. if so, set forego iframe , open original site in new tab.

this method seems work websites (like pitchfork.com) because when request header pitchfork.com, following:

server: nginx/1.4.6 (ubuntu) content-type: text/html; charset=utf-8 x-frame-options: sameorigin date: wed, 27 jan 2016 17:47:54 gmt x-varnish: 912263733 912263044 age: 8 via: 1.1 varnish connection: keep-alive

problem:

for websites (like vox.com), when load them in iframe, the chrome developer console tells me x-frame-options preventing site loading in iframe. when examine header, x-frame-options found! this:

server: nginx/1.6.2 date: wed, 27 jan 2016 17:26:15 gmt content-type: text/html content-length: 172 connection: close

how vox.com doing this? further clarification, tried using this tool found in stackoverflow post , failed correctly detect vox.com blocking iframes via x-frame-options.

1) vox able set x-frame-options somewhere other header? if latter, how can detect , find that?

2) other alternate strategies recommend detecting iframe-unfriendly sites can have them set open in new tab instead?

take @ network traffic recorded in chrome console. in app, you're looking @ headers of http 301 moved permanently response, redirects location return x-frame-options: sameorigin header.

other methods, such newer content-security-policy header or javascript code, may used other websites prevent iframe embedding. in case of vox.com, you're looking @ headers of wrong response.


Comments

Post a Comment

Popular posts from this blog

php - Wordpress website dashboard page or post editor content is not showing but front end data is showing properly -

Image
recently have uploaded wordpress site onto server. have uploaded wordpress site in sub-folder under root folder ../root(domain root folder)/wordpress (where host wordpress folder). now problem content data in page or post in dashboard of wordpress admin panel not showing - see image. but data showing in front view - see image. if not browser cache issue , not issue happened tinymce editor during upgrade; try add config file: define('concatenate_scripts', false);
Read more

javascript - Get parameter of GET request -

i make request: createxhrrequest( "get", fileurl, function( err, response ) { if( err ) { alert( "error get!" ); } alert(response); }); and full response: { "status" : "ok", "message" : "jvberi0xljqkjdduxdgkmy how can jvberi0xlj ? i try response.message , response["message"]. nothing works. just simple access this: var json = json.parse(response); json.message
Read more

javascript - Twitter Bootstrap - how to add some more margin between tooltip popup and element -

Image
i have not tryed since can't understand space between tooltip , element made/added bootstrap, tooltip near element triggers tooltip event. i make tooltip opening little bit away element, add more margin tooltip , eleemnt mean. i understand how in css if possible , if possible make both right,left,top,bottom tooltips hope question clear. this how tooltips looks on app: and , how should looks after this default css tooltip on top : .tooltip.top { padding: 5px 0; margin-top: -3px; } you can override in own css : .tooltip.top { margin-top: -10px; } note code work work tooltip on top, you'll nedd adapt css 3 other orientations : .tooltip.top { margin-top: -10px; } .tooltip.right { margin-left: 10px; } .tooltip.bottom { margin-top: 10px; } .tooltip.left { margin-left: -10px; }
Read more