Google Chrome won't allow IFRAME to load an HTML file

E

6

11

I've got this iframe that is working fine on FF, but it doesn't seem to load up on Google Chrome.

Could someone tell me why this is happening?

My iframe:

<iframe src="http://tripsketch.com/page?s=TheCavendish#!Id=1024&Name=London&Type=City&view=Attraction" height="700" width="990" frameborder="0" scrolling="no">
</iframe>

Escutcheon answered 14/8, 2013 at 4:7 Comment(0)

E

2

Problem was with chrome version 27.xx & 28.xxx In this version chrome was having issue of url redirection,giving empty result(302 error).

Escutcheon answered 3/9, 2013 at 10:5 Comment(1)

how to solve this version problem.. im also face iframe problem in mozilla due to new version iframe does not work.. my code correctly run on old versins of mozilla – Catcher 4/7, 2014 at 8:5

T

12

I tested it and it works OK in chrome on my end. My guess is that you have it set up so the page containing the iframe is being accessed via https. If the page is https, you cannot load a iframe on that page that is not https. It will result in a "mixed-content error" and for security purposes it will not load.

It works in FF because FF is more lax about this security restriction and Chrome happens to be more strict on mixed-content errors.

Trichinosis answered 14/8, 2013 at 4:21 Comment(2)

Thanks for this info. I came across this problem in a test env. In chrome ver 31 it gives a helpful error message in the console if you look there: [blocked] The page at 'example.com/test.html' was loaded over HTTPS, but ran insecure content from 'example.com/iframe.html': this content should also be loaded over HTTPS. – Pandybat 6/11, 2013 at 21:52

What if the site is HTTP and you're trying to load HTTPS content in the iframe? – Gainless 11/10, 2019 at 18:59

E

2

Problem was with chrome version 27.xx & 28.xxx In this version chrome was having issue of url redirection,giving empty result(302 error).

Escutcheon answered 3/9, 2013 at 10:5 Comment(1)

how to solve this version problem.. im also face iframe problem in mozilla due to new version iframe does not work.. my code correctly run on old versins of mozilla – Catcher 4/7, 2014 at 8:5

F

1

i have the same issue, i dont know for what, it think is because chrome blocks for security, anyway, i can resolve like this:

in your html:

<embed src='your_path' width='100%' height='100%'  type="application/pdf" />

Financial answered 9/10, 2018 at 18:19 Comment(0)

N

0

Adding the solution for someone who might be struggling like me. I solved the issue by adding the option for Content Security Policy.

<httpProtocol>
  <customHeaders>
    <add name="Content-Security-Policy" value="frame-ancestors https://www.<preferredwebsitedomain>.com" />
    <!-- Test this option as Chrome supports CSP now for Iframe opening-->
  </customHeaders>
</httpProtocol>

Nonagon answered 19/7, 2018 at 6:30 Comment(2)

Where do you place this? In the header? – Gainless 11/10, 2019 at 19:1

developer.mozilla.org/en-US/docs/Web/HTTP/CSP might help. But yes @AaronFranke - you'll need to adjust the headers your server is respnding with. "Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement to distribution of malware." – Felspar 11/12, 2020 at 19:5

L

0

I faced the issue after the latest Chrome updates. My iframe stopped working despite the fact that it was https iframe inside of the https web site.

Here is the text of my error

Chrome
Specify a Cross-Origin Embedder Policy to prevent this frame from being blocked
Because your site has the Cross-Origin Embedder Policy (COEP) enabled, each embedded iframe must also specify this policy. This behavior protects private data from being exposed to untrusted third party sites.
To solve this, add one of following to the embedded frame’s HTML response header:
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Embedder-Policy: credentialless (Chrome > 96)

Here is the article that explains what is COEP https://developer.chrome.com/blog/coep-credentialless-origin-trial/

In my case I fixed it by adding the following code into webpack dev server:

  devServer: {
    headers: {
      'Cross-Origin-Embedder-Policy': 'credentialless'
    },
    ...
   }

And for production mode, I added this header into my nginx config

add_header Cross-Origin-Embedder-Policy "credentialless";

Lac answered 21/11, 2023 at 13:31 Comment(0)

J

-3

Finally after many investigations and searches the below code solve the issue:

<style type="text/css">
iframe {
  border: none;
  width: 100%;
  height: 500px;
}

@media (min-width: 1024px) {
  .content_viewport {
    border: 0px none;
    height: 900px;
width: 100%;
  }
}
@media (max-width: 1023px) {
  .content_viewport {
    border: 0px none;
    height: 900px;
width: 100%;  }
}
@media (min-width: 768px) {
  .content_viewport {
    border: 0px none;
    height: 900px;
width: 100%;  }
}
</style>
<div style=" overflow: hidden; margin: 15px auto; max-width: 880px;"><iframe class="content_viewport" scrolling="no" src="<Your URL>"></iframe>
<p>&nbsp;</p>
</div>

Jemmie answered 24/2, 2019 at 8:7 Comment(1)

I think the problem is more of a security problem than a display problem. – Tobacconist 25/9, 2020 at 10:18

Recommended topics

Hot tags