Help with populating an iFrame.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I have been working to create an iFrame for course policies. I have done this many times before in other positions; however, I believe that the site may be blocking the iFrame.
Here is my code:
<iframe style="position: relative; top: 0; left: 0; width: 675px; height: 600px; overflow: none; border: none;" src="https://education.faes.org/contentManagement.do?method=load&code=CM000011"></iframe>
Is there something that is missing?
Thank you!
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You are correct that the website blocks other sites from embedding the content within an iframe. It does this by adding a content-security-policy of frame-ancestors 'self' test.authorize.net accept.authorize.net;
That means that unless you are on education.faes.org, test.authorize.net, or accept.authorize.net, you're not going to be easily able to embed the content in an iframe.
Here are some potential work-arounds.
- You can link to the content rather than putting it in an iframe.
- If you have the permission of the website to include their content in an iframe on your site, then you can work with them to change the content security policy (CSP) to allow access from your site. The CSP comes from their server, so there's not much you can do on your end.
- You can install a proxy server that downloads the content and resends it without the CSP. This may be a violation of the terms of service of the website. They likely don't want people including their content in an iframe, so they may object to this work-around. If it's just a single page and they grant their permission to use it, you could make a copy of that page on a different server that didn't use the CSP and not mess with a proxy server.
- If you can get their permission to use their content, you may be able to make your own copy within Canvas and not mess with iframes at all.