Many times you guys try to load other’s website on your own domain through iframe. But most of you see below error in browser console window:
Refused to display document because display forbidden by X-Frame-Options
In today’s browser, you can see this issue. Because most of the hackers are loading iframe on their own domain and cheat users by stilling user’s data. So for security purpose browser prevent to access other’s website in iframe. No doubt, you(domain owner) can also control iframe load of your website through your web configuration file.
We will use this jQuery plugin.
Supported Browsers : Chrome and Firefox
HTML code is given below:
<!DOCTYPE html> <html lang="en"> <head> <title>Bootstrap Example</title> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css"> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js"></script> <script src="https://unpkg.com/@ungap/custom-elements-builtin"></script> <script type="module" src="https://unpkg.com/x-frame-bypass"></script> </head> <body> <div class="embed-responsive embed-responsive-16by9"> <iframe class="embed-responsive-item" is="x-frame-bypass" src="<<YOUR URL>>" allowfullscreen></iframe> </div> </body> </html>
Here in above example code you can see we have to include two main script tags which are
<script src="https://unpkg.com/@ungap/custom-elements-builtin"></script> <script type="module" src="https://unpkg.com/x-frame-bypass"></script>
then in iframe tag, you have to include the attribute is=”x-frame-bypass”. And instead of this <<YOUR URL>> you have to write the URL which you want to load an iframe.
NOTE: THIS BLOG WRITTEN FOR GOOD PURPOSE AND FOR STUDY ONLY. I AM NOT USE THIS CODE FOR HACKING PURPOSE. BEFORE USE THIS CONCEPT YOU SHOULD HAVE TO TAKE PERMISSION OF PARTICULAR SITE OWNER BEFORE LOAD HIS/HER WEBSITE IN YOUR DOMAIN. IF YOU MISUSE THIS CODE THEN ONLY YOU ARE RESPONSIBLE FOR ANY CRIMINAL ACTIVITY.