Html 将 Facebook 加载到 iframe 中
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/9680215/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Load Facebook into an iframe
提问by auino
I can't load facebook into an iframe, in a web page like the following one:
我无法将 facebook 加载到 iframe 中,在如下所示的网页中:
<html>
<head>
<!-- some stuffs here -->
</head>
<body>
<!-- some stuffs here -->
<iframe src="http://www.google.com" frameborder="0">
</iframe>
</body>
</html>
I've tested it with other websites and it seems to load without problems for instance for wired.com, but not for facebook.com...
我已经在其他网站上对其进行了测试,它似乎可以正常加载,例如 for wired.com,但不适用于facebook.com...
Can anyone explain me why?
谁能解释我为什么?
I'm using Google Chrome and Safari, if needed.
如果需要,我正在使用 Google Chrome 和 Safari。
It seems to be as if Google blocks iframe loading of its page.
似乎谷歌阻止了其页面的 iframe 加载。
回答by samuirai
If you use Firebug or Google Chrome's developer console, you can see the following error
如果使用 Firebug 或 Google Chrome 的开发者控制台,可以看到如下错误
Refused to display document because display forbidden by X-Frame-Options.
DENY
The page cannot be displayed in a frame, regardless of the site attempting to do so.SAMEORIGIN
The page can only be displayed in a frame on the same origin as the page itself.
DENY
页面无法显示在框架中,无论站点是否尝试这样做。SAMEORIGIN
页面只能显示在与页面本身相同来源的框架中。
Here is another related stackoverflow question Overcoming “Display forbidden by X-Frame-Options”
这是另一个相关的计算器溢出问题 克服“X-Frame-Options 禁止显示”
回答by Ali Khalid
Google and Facebook are using a X-Frame-Options in the HTTP response header to avoid the content being loaded in a iFrame.
Google 和 Facebook 在 HTTP 响应标头中使用 X-Frame-Options 以避免将内容加载到 iFrame 中。
The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a or . Sites can use this to avoid clickHymaning attacks, by ensuring that their content is not embedded into other sites.
X-Frame-Options HTTP 响应标头可用于指示是否应允许浏览器以 或 格式呈现页面。网站可以使用它来避免点击劫持攻击,确保他们的内容没有嵌入到其他网站中。
Source: https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header
来源:https: //developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header
I don't think it is possible for you to override this setting.
我认为您不可能覆盖此设置。
