Capture "Display is prohibited using X-Frame-Options"

Question

Capture "Display is prohibited using X-Frame-Options"

I understand that this mistake cannot be overcome.

But what I would like to do is that when I come across a page that cannot be inserted, the page just loads like a popup. What is happening now is that they redirect me to the page.

I see the following error in chrome for pages that cannot be embedded.

Refused to display 'http://www.nokia.com/us-en/' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'

+4

javascript html iframe x-frame-options

Dan Ciborowski - MSFT May 01, '13 at 17:26

source share

1 answer

Jonathon klem · Accepted Answer · 2014-02-27T14:27:31+0000

Here is a link to a similar answer that a PHP script provides for checking headers: Detect X-Frame parameters

You can change it so that it accepts the GET variable as such:

 $error=false; $urlhere=$_GET["url"]; $ch = curl_init(); $options = array( CURLOPT_URL => $urlhere, CURLOPT_RETURNTRANSFER => true, CURLOPT_HEADER => true, CURLOPT_FOLLOWLOCATION => true, CURLOPT_ENCODING => "", CURLOPT_AUTOREFERER => true, CURLOPT_CONNECTTIMEOUT => 120, CURLOPT_TIMEOUT => 120, CURLOPT_MAXREDIRS => 10, ); curl_setopt_array($ch, $options); $response = curl_exec($ch); $httpCode = curl_getinfo($ch); $headers=substr($response, 0, $httpCode['header_size']); if(strpos($headers, 'X-Frame-Options: deny')>-1||strpos($headers, 'X-Frame-Options: SAMEORIGIN')>-1) { $error=true; } $httpcode= curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); echo json_encode(array('httpcode'=>$httpcode, 'error'=>$error));

Then use ajax request to check each URL

 $.getJSON("/path/to/script.php?url="+url_variable, function (data) { if (data.error) { // code to display pop-up } else { // code to display iframe } });

Capture "Display is prohibited using X-Frame-Options"

More articles: