Iframe

PHPMaker General Discussion (PHPMaker)
1

Hello,I am trying to open the Generated Page via an IFrame.
It has to make it so that I want to open it in a game ingame.Unfortunately I always get this error:http ://xxx.xx.net/js/ew.min.js:5:Uncaught SecurityError: Blocked a frame with origin “http ://xxx.xxx.net” from accessing a frame with origin “http ://resource”. Protocols, domains, and ports must match.Someone ne solution how I can fix this or can open via iframe.

2

Post your code/customization that related to that IFrame for more discussion.

3 
<div id="Laptop-LifeInvader" style="display: none;" class="LifeInvader">
                <iframe style="width: 100%; height: 100%; position:static; z-index: 1;" src="./403/regelwerk.html" title="403">
                </iframe>
                <iframe style="width: 100%; height: 100%; z-index: 101;margin-top: -59.1%;" src="//yyy.xxx.net" title="LifeInvader">
                </iframe>
            </div>
            <div id="Laptop-Support" style="display: none;">
                <iframe style="width: 100%; height: 100%; position:static; z-index: 1;" src="./403/regelwerk.html" title="403">
                </iframe>
                <iframe style="width: 100%; height: 100%; z-index: 101;margin-top: -59.1%;" src="//xxx.xxx.net" title="Support">
                </iframe>
            </div>

The first Iframe Working fine…
the second iframe dont work, Error see in the first post

4

You can’t access an

5

Thank you, but I had already tried several times.With the settings I now get the error:
[15:01:27][Error] [WEB, view 0000017E840CA780] http://resource/client/cef/hud/index.html:0:Invalid ‘X-Frame-Options’ header encountered when loading ‘http://xxx.xxx.net/error’: ‘ALLOW-FROM http://resource/client/cef/hud/index.html’ is not a recognized directive. The header is ignored.
[15:01:28][Error] [WEB, View 0000017E840CA780] http://xxx.xxx.net/js/ew.min.js:5:Uncaught SecurityError: A frame with origin ‘http://xxx.xxx.net’ was blocked from accessing a frame with origin ‘http://resource’. Protocols, domains, and ports must match.

6

You may need to configure your web server to output the Access-Control-Allow-Origin header, google “Access-Control-Allow-Origin” for more information.

7

I have the access-control-allow-methods, content-security-policy and the x-frame-options set, but it doesn’t work.
All other pages don’t work except phpmaker.Now the error comes around:
[17:13:53][Error] [WEB, View 000002360CCA6240] about:blank:0:Display of ‘http://xxx.xxx.net/error’ in a frame has been denied because an ancestor violates the following content security policy: “frame-ancestors ‘self’ ‘http://resource/client/cef/hud/index.html’ ‘http://resource’”.

8

arbei wrote:

You may need to configure your web server to output the > Access-Control-Allow-Origin > header…

But Fiesi wrote:

I have the > access-control-allow-methods, content-security-policy and the x-frame-options > set…

If you use Apache web server, you may try to add the following lines to the .htaccess in the project folder, e.g.

Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Headers "*, X-Requested-With, Content-Type, Accept, Origin, X-Authorization"
Header set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, PATCH, OPTIONS"
9

Thanks for the tip, but I have already tried that.Despite this setting I still have the following errors:[09:25:49][Error] [WEB, View 000001C314FA22E0] http://xxx.xxx.net/js/ew.min.js:5:Uncaught SecurityError: A frame with origin “http://xxx.xxx.net” was denied access to a frame with origin “http://resource”. Protocols, domains and ports must match.

10

You may want to google “iframe sandbox allow-same-origin” for more information.

11

I had already tried that.I can open all pages this way, but only the generated pages with phpmaker do not work.

12

Be sure that both your websites have SSL activated.If your one website SSL activated and other is not, then this error will occur.

13

shahparzsoft wrote:

Be sure that both your websites have SSL activated.> If your one website SSL activated and other is not, then this error will
occur.

in the Game i have only http - and the generatet Site is http and https (it only for the Game)it seems to be that something in the ew.min.js is blocking.Error:
http://SUB. DOMAIN.net/js/ew.min.js:5:Uncaught SecurityError: A frame originating from "http: // SUB. DOMAIN.net “was blocked from accessing a frame originating from” http: // resource ". Protocols, domains and ports must match.Current header:
HTTP / 1.1 302 found
Date: Thu, 03 Jun 2021 09:56:02 GMT
Server: Apache
Expires: Thu, Nov 19, 1981 08:52:00 GMT
Cache control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
Access-Control-Allow-Headers: *, X-Requested-With, Content-Type, Accept, Origin, X-Authorization
Access-Control-Allow-Credentials: true
Set cookie: PHPSESSID = 3hmkr7l39m2i85vj0s3o8k8tnt; path = /
Set cookie: PHPSESSID = 3hmkr7l39m2i85vj0s3o8k8tnt; path = /; SameSite = None;
Update: h2
Connection: upgrade
Location: login
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: ‘unsafe-inline’ ‘unsafe-eval’ ‘unsafe-dynamic’; script-src * data: blob: ‘unsafe-inline’ ‘unsafe-eval’; connect-src * data: blob: ‘unsafe-inline’; img-src * data: blob: ‘unsafe-inline’; frame-src * data: blob:; style-src * data: blob: ‘unsafe-inline’; font-src * data: blob: ‘unsafe-inline’;
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: ‘unsafe-inline’ ‘unsafe-eval’ ‘unsafe-dynamic’; script-src * data: blob: ‘unsafe-inline’ ‘unsafe-eval’; connect-src * data: blob: ‘unsafe-inline’; img-src * data: blob: ‘unsafe-inline’; frame-src * data: blob:; style-src * data: blob: ‘unsafe-inline’; font-src * data: blob: ‘unsafe-inline’;
Content length: 0
Content type: text / html; charset = UTF-8