
X-Frame-Options & iframe & CORS


https://github.com/xgqfrms/FEIQA/issues/23


X-Frame-Options

iframe & CORS

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

bug


Uncaught DOMException: Blocked a frame with origin "null" from accessing a cross-origin frame.

sandbox


iframe & mdn

https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe



// $qs is not defined in the post; assumed here to be an alias for document.querySelector.
const $qs = (selector) => document.querySelector(selector);

const showDOM = (url = ``) => {
    let iframeBox = $qs(`[data-img-box="empty-iframe-page-box"]`);
    // Fallback markup ("no data") shown when the iframe cannot be created.
    let no_data = `
        <p data-no-data="p">
            <span data-no-data="span">暂无数据</span>
        </p>
    `;
    try {
        if (url) {
            let iframe = document.createElement(`iframe`);
            iframe.src = url;
            // sandbox
            // srcdoc
            iframe.style.height = `100%`;
            iframe.style.width = `100%`;
            iframe.style.minHeight = `300px`;
            iframe.style.minWidth = `500px`;
            // sandbox without allow-same-origin gives the framed document an opaque
            // origin, which is reported as "null" in cross-origin access errors.
            iframe.setAttribute(`sandbox`, `allow-scripts`);
            iframe.setAttribute(`data-iframe`, `empty-iframe-page`);
            iframe.setAttribute(`name`, `页面空模块`);
            if (iframeBox) {
                iframeBox.innerHTML = "";
                iframeBox.insertAdjacentElement(`beforeend`, iframe);
            }
        }
    } catch (err) {
        // no data
        if (iframeBox) {
            iframeBox.innerHTML = "";
            iframeBox.insertAdjacentHTML(`beforeend`, no_data);
        }
        // Keep the original error attached as the cause.
        throw new Error(`fetch image error`, { cause: err });
    }
};


https://community.tableau.com/thread/157316


https://www.digitalocean.com/community/questions/blocking-iframe-because-it-set-x-frame-options-to-deny

https://stackoverflow.com/questions/20498831/refused-to-display-in-a-frame-because-it-set-x-frame-options-to-sameorigin

https://github.com/jeduan/cordova-plugin-facebook4/issues/323


https://stackoverflow.com/questions/6666423/overcoming-display-forbidden-by-x-frame-options#answer-7469997
https://developer.salesforce.com/forums/?id=906F00000009BRJIA2

https://blogs.msdn.microsoft.com/ie/2009/01/27/ie8-security-part-vii-clickjacking-defenses/

https://security.stackexchange.com/questions/67889/why-do-browsers-enforce-the-same-origin-security-policy-on-iframes

https://security.stackexchange.com/questions/167081/how-to-add-x-frame-options-header-to-a-simple-html-file

It seems to be set by the server to prevent clickjacking.



X-Frame-Options

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options#Configuring_Apache



OK

https://cn.bing.com/?intlF=&ensearch=1

https://cdn.xgqfrms.xyz/


x-frame-options: DENY
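
How a browser decides whether a response carrying a header like the one above may be rendered inside an iframe, as an added example that is not part of the original post. The function name `framingDecision`, the target URL and the header objects are assumptions constructed for illustration; only `'none'`, `'self'`, `*` and full `https://host` sources are modelled for `frame-ancestors`.

```javascript
// Added example (not from the original post). Headers and target URL are constructed.
// Models only the direct parent frame; browsers apply the check to every ancestor.
function framingDecision(headers, embedderUrl, targetUrl) {
    const embedder = new URL(embedderUrl).origin;
    const target = new URL(targetUrl).origin;

    // 1. CSP frame-ancestors, when present, takes precedence over X-Frame-Options.
    const csp = headers[`content-security-policy`] || ``;
    const directive = csp.split(`;`)
        .map(part => part.trim().split(/\s+/))
        .find(tokens => tokens[0].toLowerCase() === `frame-ancestors`);
    if (directive) {
        let unsupported = null;
        for (const source of directive.slice(1)) {
            const s = source.toLowerCase();
            if (s === `'none'`) continue; // matches no origin
            if (s === `*`) return { allowed: true, reason: `frame-ancestors *` };
            if (s === `'self'`) {
                if (embedder === target) return { allowed: true, reason: `frame-ancestors 'self'` };
            } else if (!/^https:\/\/[^*\/]+$/.test(s)) {
                unsupported = source; // host-only, wildcard or scheme source: not modelled
            } else if (new URL(s).origin === embedder) {
                return { allowed: true, reason: `frame-ancestors ${source}` };
            }
        }
        return unsupported
            ? { allowed: null, reason: `unsupported source expression: ${unsupported}` }
            : { allowed: false, reason: `frame-ancestors does not list ${embedder}` };
    }

    // 2. Legacy header. ALLOW-FROM and unknown values are ignored by current browsers.
    const xfo = (headers[`x-frame-options`] || ``).trim().toUpperCase();
    if (xfo === `DENY`) return { allowed: false, reason: `x-frame-options: DENY` };
    if (xfo === `SAMEORIGIN` && embedder !== target) {
        return { allowed: false, reason: `x-frame-options: SAMEORIGIN, cross-origin parent` };
    }
    return { allowed: true, reason: xfo === `SAMEORIGIN` ? `same origin` : `no effective restriction` };
}

const EMBEDDER = `https://iframe.xgqfrms.xyz/eapp/index.html`; // from the post
const TARGET = `https://target.example/page`;                  // constructed
console.log(framingDecision({ "x-frame-options": `DENY` }, EMBEDDER, TARGET));
```

A refused frame does not throw in the embedding page, so the `try`/`catch` in `showDOM` never sees it; a check like this has to run where the target's response headers are readable, for example server-side.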

https://developer.mozilla.org/en-US/docs/Web/CSS/calc



iframe & HTTPS & CORS

https://iframe.xgqfrms.xyz/eapp/index.html#blog.sina.cn



©xgqfrms 2012-2020



posted @ 2018-08-21 20:14  xgqfrms