iframe does not work with external sites

0

I'm developing a panel with several iframes, however, putting external sites like google.com.br is not opening anything in the iframe

<html>
    <body>
        <h1>ADM</h1>
        <iframe src="http://google.com.br"></iframe></body></html>

Result: link

    
asked by anonymous 05.08.2017 / 21:21

1 answer

3

It's because your site uses HTTPS and you're trying to inject into an HTTP site, then it causes the error:

  

Mixed Content: The page at ' link ' was loaded over HTTPS, but requested an insecure resource ' link '. This request has been blocked; the content should be served over HTTPS.

Maybe this will use HTTPS on your website and HTTPS in the iframe, maybe it will work:

<html>
    <body>
        <h1>ADM</h1>
        <iframe src="https://google.com.br"></iframe></body></html>

Butrememberthereareothertypesoflocks,suchasFrame-OptionsheadersandContent-Security-Policythatexternalsitesmightbeusing

Moredetailsat:

Alternative

The alternative is somewhat complex and has no guarantees, you can create a kind of proxy with CURL inside your server to access external sites.

Create a file named webproxy.php and add

<?php
set_time_limit(0);

if (empty($_GET['url']) || preg_match('#^(http|https)://[a-z0-9]#i', $_GET['url']) === 0) {
    echo 'URL inválida';
    exit;
}

$url = $_GET['url'];

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, false);

//Envia o user agente do navegador atual
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

//Pega os dados
$data = curl_exec($ch);

//Fecha o curl
curl_close($ch);

$ch = NULL;

$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);

if($data === false) {
    http_response_code(404);
    echo 'Curl error: ' . curl_error($ch);
} elseif ($httpcode !== 200) {
    http_response_code($httpcode);
} else {
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    header('Content-Type: ' . $finfo->buffer($data));
    echo $data;
}

And order from the iframe by:

<iframe src="webproxy.php?url=https://google.com.br"></iframe>
    
05.08.2017 / 21:27