Page has URL that redirects to external URL

Jump to solution
RozelleNortje
Community Member
‎03-26-2024 04:46 AM

We have a couple of Pages that act as external URL tools. Somehow, URLs were added to the HTML content that redirects as soon as you try to view the content on the Page. It is impossible to edit the page because it immediately redirects.

We employed a freelance learning designer and no longer have access to the original content used. Ideally, we would like a solution to remove the link, go in, and edit the Pages without needing to redesign about 16 weeks' worth of content. Any idea how to circumvent the redirect? I have tried copying the Pages' URLs with /edit and it still redirects.

Labels (4)
0 Likes
1 Solution

Jump to solution
James
Community Champion
In response to RozelleNortje
‎03-26-2024 01:07 PM

@RozelleNortje 

I embedded that page in an iframe on a regular HTML page (outside Canvas) and it stayed within the iframe. It also loaded a lot more than it needed to, implemented an infinite scroll, and showed me ads after a while.

What I noticed in my browser was a note that a redirect was blocked for this page. That's something I have in my security settings in Chrome.

When I embedded the iframe inside a Canvas page, I saw similar things. There was a redirect attempt made by Britannica -- likely to get people out of an iframe so people don't steal their content or misrepresent it to be theirs. I'm not saying that's what you're doing, but some people do, so content publishers have to resort to things to make sure it doesn't happen.

Unlike you, I was able to edit the page in Canvas because I have the redirects blocked.

It is the Britannica page that is doing the redirect.

On line 114, they have a script line that reads:

if (self !== top) { top.location = self.location; }

That checks to see if you're in an iframe and if so, then break out of it. 

We cannot control the settings on each user's browser to disable redirects. Instead, we can disable them within the settings.

If you add the word sandbox to the iframe element, then it disables the redirect. When I do that on my test page, the redirect message no longer appears. The same thing happens in Canvas.

<iframe style="border: 0px #000 none;" src="https://www.britannica.com/art/Third-Cinema"
  width="600px" height="400px" name="myiFrame" allowfullscreen="allowfullscreen"
  sandbox="">
</iframe>

 

There are other options to the sandbox attribute that control how much to allow. In particular, allow-top-navigation allows the resource to change the top-level browsing context, but only if initiated by the user -- as opposed to an automatic redirect. That means that if Britannica had a link to open in a new window and the user clicked on it, then it would open in a new window, but that it won't automatically do it.

<iframe style="border: 0px #000 none;" src="https://www.britannica.com/art/Third-Cinema"
  width="600px" height="400px" name="myiFrame" allowfullscreen="allowfullscreen"
  sandbox="allow-top-navigation">
</iframe>

I confirmed this worked with an external page and within a Canvas page.

I would use the sandbox without options unless other functionality was needed for viewing the page. 

You need to edit the page to make that change. That's the the problem -- but at least now I know what you're experiencing.

It turns out that we can do that without using the API.

The issue is that you have allowed redirects in your browser. If we disable them there, then we can edit the page directly from Canvas, add the sandbox attribute, save the page and be done with it. If you decide that you want to re-enable redirects, then you could do that.

I'm going to explain how to do this in Chrome, but if you have another browser with redirects already disabled, then you could use it. There are multiple ways to do what I'm going to explain, this is just a quick way.

  1. Open Canvas within Chrome.
  2. Left click your mouse on the Site Information icon right before the URL in the location bar at the top. For me, it looks like an o-- on one line and a --o on the second line.
  3. Choose site settings.
  4. It should open to the Privacy and Security page. If not, choose that page.
  5. Under permissions, look for pop-ups and redirects.
  6. Change it to Block. I have mine set to block by default so it says Block (default).

At this point, you can use edit the Canvas page (I would use a different tab) and add the sandbox="allow-top-navigation" or just sandbox="". You will need to use the HTML editor view on the page to do this.

You can optionally switch back to allowing redirects after you have made the change. Best practices for security suggest blocking redirects.

One warning, though. If you edit the page with redirects allowed, it will take you out of the edit mode to the full-screen Britannica page. This is because the edit mode doesn't load the content in a sandboxed iframe and it gets to run its script that makes it the top.

This means that the person editing the page needs to have redirects blocked while they edit. People viewing the page will be protected by the sandbox mode.

Another benefit of the sandbox mode, at least with the Britannica page, is that also prevents loading additional articles, the infinite scroll, and the ads. You get the article without the rest of the unwanted behaviors.

 

You mentioned removing the iframe completely. This can also be done and would make Britannica happy because you're not embedding their content on your page. There are other ways to prevent embeds as opposed to using JavaScript to redirect. They should probably look at those if they really want to protect their information.

If you completely remove the iframe, then you can have a link that will take you to the Britannica page and let the students view it there. This will open in a new tab since it is an external link.

View solution in original post

0 Likes