Introduction
- The aim of this article is not to cover theory of HTML and its tag iframe
- it is only extension of documentation of webViewer widget
Source of information:
- mappView webViewer widget B&R Online Help
- iFrame tag w3schools
- iframe refuse to connect stackoverflow
- some theory about http security 1 and 2
Problem
Explanation
- webWiever widget is so called iFrame, this is used to embed another document within the current HTML document.
- browser can block embedded page if the page is not hosted by same domain
- a creator of a webpage, define how and where your content is to be shown.
This is a sample from the B&R webpage:
- The used “Content-Security-Policy” defines that this page only wants to be included in a IFrame if the webpage with the IFRame is hosted on a B&R domain (or localhost “self”). If a browser renders the page and sees these settings, he will simply reject to load the (B&R) page in the IFrame.
Workaround
- not on mappView side. Theoretically it would be possible to channel the page to be included through a “proxy” and modify the Content-Security-Policy – however, this is in many cases also not possible / simple due to the usage of https, where the whole traffic is encrypted and authenticated.
Why some creators of webpage block it and some not?
- This is all about security. Usually you use the content-security-policy to control from where e.g. JavaScript or CSS files are loaded to prevent anyone from abusing your code or to prevent code-injection at all. It is a typical trend in WWW to restrict where and how things can be used, so lets say it is mainly “best practice”.
Tip
- would like to be sure if your web page can be displayed in iframe? use this link to check it out.
