I run into some trouble with an cross domain iframe hack.
I have an iframe “if1” on my page that contains another iframe “if2”.
The “top” page is runnung on domain A.
The page of if1 is runnung on domain B.
And the page of if2 is running on domain A.
What I want to do with that is: Running an authentication in if1, passing the result token to the url of if2 as hash and load if2. As when the page of if1 is loaded the token already is authenticated, I simply added if2 with already generated url as following snipped:
<iframe name="if2" id="if2" src="http://example.com/testing#token=8927348962028" onload="javascript:alert('loaded');" onerror="javascript:alert('unable to load iframe');" ></iframe>
Now, the if2 doesn’t load at all, it just stays white. I always get the alert with ‘unable to load iframe’ in it.
But this only happens when if1 is embedded in the “top” page. When I simply load the content of if1 in another tab of my browser, the if2 loads perfectly.
Could there be some policy that prevents second level iframes from being loaded? Or am I missing something?
I found the solution to my issue.
If you load page A with an iframe that loads page B and in there again an iframe that loads page A, you have a loop, cause page A loads page B and so on.
In my case the browser stopped loading the second iframe (the iframe that loads page A again).
This seems to be a normal behavior to prevent this kind of loops.
I simply added an ?innerframe=true parameter to the url of if2 and prevented the if1 from loading when that parameter is set. This way the loop disappears and so does the issue.
@Rune: Thanks for your help, the link to fiddle was very helpful to figure this out.