Community

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
DedraLWright
New Member

Help with populating an iFrame.

Jump to solution

Hello,

 

I have been working to create an iFrame for course policies.  I have done this many times before in other positions; however, I believe that the site may be blocking the iFrame.

 

Here is my code:

<iframe style="position: relative; top: 0; left: 0; width: 675px; height: 600px; overflow: none; border: none;" src="https://education.faes.org/contentManagement.do?method=load&code=CM000011"></iframe>

Is there something that is missing?

Thank you!

Tags (2)
0 Kudos
1 Solution

Accepted Solutions
James
Community Champion

@DedraLWright 

You are correct that the website blocks other sites from embedding the content within an iframe. It does this by adding a content-security-policy of frame-ancestors 'self' test.authorize.net accept.authorize.net;

That means that unless you are on education.faes.org, test.authorize.net, or accept.authorize.net, you're not going to be easily able to embed the content in an iframe.

Here are some potential work-arounds.

  • You can link to the content rather than putting it in an iframe.
  • If you have the permission of the website to include their content in an iframe on your site, then you can work with them to change the content security policy (CSP) to allow access from your site. The CSP comes from their server, so there's not much you can do on your end.
  • You can install a proxy server that downloads the content and resends it without the CSP. This may be a violation of the terms of service of the website. They likely don't want people including their content in an iframe, so they may object to this work-around. If it's just a single page and they grant their permission to use it, you could make a copy of that page on a different server that didn't use the CSP and not mess with a proxy server.
  • If you can get their permission to use their content, you may be able to make your own copy within Canvas and not mess with iframes at all.

View solution in original post

3 Replies
DedraLWright
New Member

This is the  message that I keep getting:

education.faes.org refused to connect.

James
Community Champion

@DedraLWright 

You are correct that the website blocks other sites from embedding the content within an iframe. It does this by adding a content-security-policy of frame-ancestors 'self' test.authorize.net accept.authorize.net;

That means that unless you are on education.faes.org, test.authorize.net, or accept.authorize.net, you're not going to be easily able to embed the content in an iframe.

Here are some potential work-arounds.

  • You can link to the content rather than putting it in an iframe.
  • If you have the permission of the website to include their content in an iframe on your site, then you can work with them to change the content security policy (CSP) to allow access from your site. The CSP comes from their server, so there's not much you can do on your end.
  • You can install a proxy server that downloads the content and resends it without the CSP. This may be a violation of the terms of service of the website. They likely don't want people including their content in an iframe, so they may object to this work-around. If it's just a single page and they grant their permission to use it, you could make a copy of that page on a different server that didn't use the CSP and not mess with a proxy server.
  • If you can get their permission to use their content, you may be able to make your own copy within Canvas and not mess with iframes at all.

Thank you!  The error had me doubting my ability to set up an iFrame (smile).  Many thanks!!!