I need to have an iframe script which I can give to my different clients, so that they can embed it in their sites. Just like Youtube or facebook does.

But it does not get rendered due to cross domain restrictions.

I have gone through every documentation for x - frame options , crossDomain ajax call.

The problem with crossDomain ajax call is that I have only JSONP to work with.

I have tried this - just go to any youtube video and get its Embed code. Its a plain iframe script e.g. <iframe width="420" height="315" src="http://www.youtube.com/embed/7N5OhNplEd4" frameborder="0" allowfullscreen></iframe> If you inject the above script in your html, it will get rendered , but as soon as you edit the src of the iframe to youtube.com itself , it will go blank.

Facebook's iframe too gets rendered everywhere smoothly.

I am hell tortured by this thing. Please guide me on this. Thanks in advance!

有帮助吗?

解决方案

IF you look at the response headers from youtube.com it is returning "X-Frame-Options:SAMEORIGIN" so they are adding the header on the server to stop people from displaying youtube (website pages) via a iframe.

许可以下: CC-BY-SA归因
不隶属于 StackOverflow
scroll top