douye2111
2013-07-19 11:54
浏览 54
已采纳

跨域/协议iframe,可访问服务器和现代功能

I am trying to embed an iframe into an https site. The site being embedded can only use the http protocol.

I'm getting a console error that the frame was blocked because "The frame requesting access has a protocol of "https", the frame being accessed has a protocol of "http". Protocols must match".

Once I have the frame working I then want to run code on the embedded site. I think using the postMessage framework should do this for me, but I don't want the code that receives those messages on the embedded page to always be included, so want to use Javascript on the parent site to inject the JS file. Trying to use contentDocument but getting an error that this is null.

There is no requirement to support old browsers, so all the new HTML5 stuff is fine so long as IE10/Chrome/Safari/Firefox latest will run it. I have full access to both servers so editing PHP/Apache headers is fine.

图片转代码服务由CSDN问答提供 功能建议

我正在尝试将iframe嵌入到https网站中。 被嵌入的站点只能使用http协议。

我收到一个控制台错误,表示帧已被阻止,因为“请求访问的帧具有”https“协议,帧 被访问的协议为“http”。协议必须匹配“。

一旦我有框架工作,我就想在嵌入式网站上运行代码。 我认为使用postMessage框架应该为我做这个,但我不希望总是包含在嵌入页面上接收这些消息的代码,所以想在父站点上使用Javascript来注入JS文件。 尝试使用contentDocument,但得到的错误是null。

没有要求支持旧的浏览器,所以只要IE10 / Chrome / Safari /所有新HTML5的东西都很好 Firefox最新将运行它。 我可以完全访问这两个服务器,因此编辑PHP / Apache头文件很好。

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • dtn43447 2013-07-19 16:21
    已采纳

    To answer my own question, after several more hours struggle, it turns out it isn't going to be possible to inject a JS file when the parent is https and the child is http.

    However, once I gave up on this dream, it was quite easy!

    Before loading the iframe, I make a CORS AJAX request from website A to the site I want to display in the iframe (website B), to a PHP file that checks the HTTP_ORIGIN value to make sure the correct server is accessing. If it is, it sets a session variable on website B. Then, when I load website B from website A in the iframe, it uses the session value to know it's OK to include the javascript file I was going to inject onto website B.

    After that, the postMessage stuff all worked fine over different protocols with no extra work!

    点赞 打赏 评论

相关推荐 更多相似问题