Hi, I've this problem, when I embed my website in an external iframe, a js button doesn't work and outputs "Access denied: Cross-domain security error".
I can't edit iframe (I've no control on it).
Please, help me
Galia Bahat answers:
You probably need to allow it through the website inside the iframe.
Do you have control over what's inside the iframe or just the wrapping webpage?
Imagine this: a malicious developer creates a webpage with an iframe. The iframe opens Gmail, hoping that you set your browser to remember your Gmail password. Then, through JS the developer gets the content of the password field, which was automatically filled on your end.
They hide the iframe and you never know that your password was stolen.
So the browser in that case asks Gmail if they trust that malicious developer's site.
Looks like that's what you've got here. The website in the iframe needs to confirm that you're not looking for trouble.
Yes, I've control over website. Can I add trusted sites/domain? How?
Luis Abarca answers:
Use this tool to add the domain to the iframed site
I tried it. It generates an cross domain xml.
I put it in website root (I have control only on embedded site) but it doesn't work. Any hints?
Arnav Joy answers:
read these article
Thank you, tried it. Doesn't work. Consider that I've access only to embedded website, and not to iframe site.
So if I need to embed site A in site B, I can edit only site A, not the frame on site B.
Arnav Joy comments:
write following in .htaccess file
please take proper backup of the file before doing it.
Header set Access-Control-Allow-Origin "*"
Thanks, but it doesn't work.