Problem description

Really cannot understand why yahoo iframe works but the google one does not:

<!DOCTYPE html><html><body>
<iframe frameborder="0" src="http://www.yahoo.com"></iframe>
<iframe frameborder="0" src="http://www.google.com"></iframe>
</body></html>

Any ideas?

Recommended answer

From http://msdn.microsoft.com/en-us/library/cc288472(v=vs.85).aspx#search

Clickjacking Defense: Some hackers try to trick users into clicking buttons that appear to perform safe or harmless functions, but instead perform unrelated tasks. Clickjackers embed malicious code or "redress" the user interface by using transparent frames that overlay specific UI elements with misleading text and images. To help prevent clickjacking, Web site owners can send an HTTP response header named X-Frame-Options with HTML pages to restrict how the page may be framed.

X-Frame-Options: Deny

If the X-Frame-Options value contains the token Deny, Internet Explorer 8 prevents the page from rendering if it is contained within a frame. If the value contains the token SameOrigin, Internet Explorer will not render the page if the top-level browsing context differs from the origin of the page containing the directive. Blocked pages are replaced with a "This content cannot be displayed in a frame" error page.
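
The Deny and SameOrigin rules quoted above, written out as a small Node.js check. This is an added example, not code from the original question or answer; the function names, hostnames and sample headers are constructed for illustration, and treating an unrecognised value as "no restriction" is an assumption.

```javascript
// Added example: decide whether a framed page would render, following the
// X-Frame-Options rules quoted above. All names here are illustrative.

// Look up a header case-insensitively; HTTP header names are not case-sensitive.
function getHeader(headers, name) {
  const wanted = name.toLowerCase();
  for (const [key, value] of Object.entries(headers)) {
    if (key.toLowerCase() === wanted) return String(value);
  }
  return null;
}

// Returns { allowed, reason } for a page at pageUrl framed under topLevelUrl.
function framingDecision(headers, pageUrl, topLevelUrl) {
  const raw = getHeader(headers, "X-Frame-Options");
  if (raw === null) {
    return { allowed: true, reason: "no X-Frame-Options header" };
  }
  // The rule is "value contains the token", so split and match whole tokens.
  const tokens = raw.split(",").map((t) => t.trim().toLowerCase());
  if (tokens.includes("deny")) {
    return { allowed: false, reason: "Deny: never rendered in a frame" };
  }
  if (tokens.includes("sameorigin")) {
    const same = new URL(pageUrl).origin === new URL(topLevelUrl).origin;
    return same
      ? { allowed: true, reason: "SameOrigin: origins match" }
      : { allowed: false, reason: "SameOrigin: top-level origin differs" };
  }
  // Assumption: a value with neither token imposes no restriction.
  return { allowed: true, reason: "no recognised restriction token" };
}

// Constructed sample responses (not captured from any real site).
const samples = [
  { page: "http://framed.example/", headers: {} },
  { page: "http://framed.example/", headers: { "x-frame-options": "SAMEORIGIN" } },
  { page: "http://parent.example/widget", headers: { "X-Frame-Options": "SameOrigin" } },
  { page: "http://framed.example/", headers: { "X-Frame-Options": "Deny" } },
];
for (const s of samples) {
  const d = framingDecision(s.headers, s.page, "http://parent.example/index.html");
  console.log(s.page, "->", d.allowed ? "renders" : "blocked", `(${d.reason})`);
}
```

The check covers X-Frame-Options only; current browsers also honour the Content-Security-Policy frame-ancestors directive, which it does not evaluate.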


08-27 23:31