Can website like stumbleupon open google.com

Question

I was wondering how stumbleupon.com works? The basic idea is that they embed the website in an iframe tag. But will it be able to open sites like google.com / yahoo.com? I tried implementing an iframe with adjustable height - Results - I got lot of errors X-Frame-Options' to 'SAMEORIGIN'. which I get is because of security reasons and cross domain access. I implemented a php to use file_get_content and then display that php on iframe. I got some results but not the dynamic results.

How can one go about implementing what stumbleupon does? Or it can only work on sites which allow cross domain reference. And that stumbleupon.com wont be able to access google.com?

Answer 1

Any site that sends X-Frame-Options headers can prevent you from being able to load the site in an iframe (in modern browsers). A related technology which could be used in some browsers is Content Security Policy which allows similar restrictions on cross-domain frames and content.

If Stumbleupon is embedding the site in an iframe, they can only support this for pages which do not serve X-Frame-Options headers with the "SAMEORIGIN" setting.

If the site is serving up the X-Frame-Options header, they're basically telling the browser, "don't embed my content in a frame." I would recommend checking this header for any site / page you'd like to embed in an iframe, and, if it's there, don't attempt including the site.

While you could work around this as you suggested by scraping the site using PHP or another tool, you're probably not following the site's wishes and could run into other problems if they detect you as a robot and start blocking your site.

X-Frame-Options MDN: X-Frame-Options

Content Security Policy HTML5Rocks: Content Security Policy MDN: Introducing Content Security Policy