Question

I need to have an iframe script which I can give to my different clients, so that they can embed it in their sites. Just like Youtube or facebook does.

But it does not get rendered due to cross domain restrictions.

I have gone through every documentation for x - frame options , crossDomain ajax call.

The problem with crossDomain ajax call is that I have only JSONP to work with.

I have tried this - just go to any youtube video and get its Embed code. Its a plain iframe script e.g. <iframe width="420" height="315" src="http://www.youtube.com/embed/7N5OhNplEd4" frameborder="0" allowfullscreen></iframe> If you inject the above script in your html, it will get rendered , but as soon as you edit the src of the iframe to youtube.com itself , it will go blank.

Facebook's iframe too gets rendered everywhere smoothly.

I am hell tortured by this thing. Please guide me on this. Thanks in advance!

Was it helpful?

Solution

IF you look at the response headers from youtube.com it is returning "X-Frame-Options:SAMEORIGIN" so they are adding the header on the server to stop people from displaying youtube (website pages) via a iframe.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top