Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
We3D26892yhaven't touched iFrame in yrs, so can't tell for sure, but if I get it correctly the requests originate from the server where is hosted. if ur assumption is right and when in iFrame the origin is changed what happens if two sites embed that iFrame?
-
Iframes create some entirely new context in the page, totally separated from that of the parent. Requests originating from an iframe have the "Origin" and "Referer" headers based on their own address, not that of the main container hosting it.
-
TLDR: abc.com loads an iframe from xyz.com; every request originating from the iframe will be shown as coming from xyz.com.
-
Voxera113882yIf the iframe is created with the url, thrn the iframe is isolated from the parent so neither should be able to access each other.
Not entirely sure if the content of the iframe could see the url of the parent though, been years since I had a case where I needed to care about that. -
@Voxera content of the frame cant see the parent nor vice versa, the browser APIs exist but they throw errors now "security issue", at least until 1 year ago when I last had to work with it
But thats within expectations, all I wanted was the origin request to be the iframe url :3
Related Rants
Say a JS 'widget' is embedded inside a domain abc.com
the widget's content is retrieved from xyz.com (API?), the API also returns a custom URL (think of it as a tracker) that the JS adds to the DOM of abc.com, inside an iFrame.
Essentially making this iFrame hosting xyz.com content/page while existing in abc.com domain
Now this iFrame's page makes its own requests to 3rd party sites, would that mean the 3rd party would see the request originating from xyz.com (iFrame page) or abc.com (the site hosting the iFrame)?
question
js
iframe
web