Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Can iframes be turned on/off on the server-side?
Shouldn’t <iframe/> support be client-side? Is it possible that GoDaddy has <iframe/>s disabled by default? Is this even something that can be controlled server-side? This is just a standard Apache httpd server with no bells/whistles (no app servers, proxies, etc.). Is there some kind of server-side JavaScript that GoDaddy could be executing “around” my pages that prevents <iframe/>s from being used? Thanks in advance!
A web SERVER can request via a HTTP header in a response that browsers not allow resources to be in frames. It’s a security measure.
Browser request to server:
Server response to browser:
Each browser can implement what to do with that request. An example might be badsite.html having an IFRAME with bank.html in it, then trying to do bad things with it. The server hosting bank.html can request that bank.html not be allowed in a frame (via “DENY”). A “good” browser will recognize the request and not allow bank.html in a frame. If for some reason bank.html should be in a frame, but only in one from THEIR OWN site, they could use the “SAMEORIGIN” option, which would work on their site but not on anyone else’s site. Default is to allow frames in general.