Showing downloaded html file within an iframe and getting 403 response

[Liam88]

I'm hoping someone may be able to guide on this.

One of my side projects stores ads for ecommerce brands for inspiration. I want to now add in their landing pages.

I have used SingleFile to get a download of a page and then uploaded it to the page as a file.

I am then looking to output as an iframe with the expectation this won't interfere with any css/html on my page.

This leads to a basic output of this

<iframe src='<?=$page->landing_page_html?>' width='100%' height='600px'></iframe>

However, I'm getting a 403 response on the page. Does anyone have any guidance if my method is on the right path or should I leave this for another?

I'm guessing it's wrong as no other site like awwwards or say Shopify templates do this and lean on a screenshot that links to the page.

I have attached an example file for context.

Big thank you in advance.

Collagenic Burn Elite – Obvi (11_04_2024 17_38_24).html

[Liam88]

I was able to get it to work within a basic index.html file and referencing the file in an iframe. I'm guessing it's due to server settings then.

[wbmnfktr]

I have some ideas here but they would make things even worse.

I can imagine that it's nice to have a real page included and scroll around in it BUT... there so many downsides and probably legal issues here.

Maybe rethink the idea and either only save those ads or make screenshots like everyone else.

[Liam88]

2 hours ago, wbmnfktr said:

I have some ideas here but they would make things even worse.

I can imagine that it's nice to have a real page included and scroll around in it BUT... there so many downsides and probably legal issues here.

Maybe rethink the idea and either only save those ads or make screenshots like everyone else.

Yeah the purpose is to have a page but without the function. However, it will still adjust to device etc.

Like you said, I may need to rethink it as I can't find distinct yes or no's on this usage. 

[Matzn]

On 4/12/2024 at 11:47 AM, Liam88 said:

I was able to get it to work within a basic index.html file and referencing the file in an iframe. I'm guessing it's due to server settings then.

@Liam88

Check your header settings, maybe is set to deny  https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

Do you really want to use iframe? It's obsolete.

[Liam88]

42 minutes ago, Matzn said:

@Liam88

Check your header settings, maybe is set to deny  https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

Do you really want to use iframe? It's obsolete.

I'd prefer to not use iframe but when searching it was flagged as the best option. 

 

Any suggestions instead of iframe. I'm not a dev so just learn as I go, so any direction to go would be appreciated. 

[applab]

In my experience 403's are usually the result of the hosts WAF (Web Application Firewall) being triggered (<iframe>'s are notorious for this).  Contact your hosts support, give them the URL that's causing the 403 and ask them to check their WAF logs for a violation.  It's not unlikely that they will add an exception for you, otherwise you'll need a re-think!

[virtualgadjo]

Hi,

sorry it that sounds like a silly question, but have you tried the simple
 

<iframe src='<?=$page->landing_page_html->url>' width='100%' height='600px'></iframe>

as files work like images, you don't just echo the field name but its attributes, url, description (that you can use as you iframe title ""if"" accessibility matters)

just in case 🙂

have a nice day

[Matzn]

On 4/19/2024 at 6:21 PM, Liam88 said:

I'd prefer to not use iframe but when searching it was flagged as the best option. 

 

Any suggestions instead of iframe. I'm not a dev so just learn as I go, so any direction to go would be appreciated. 

I had probably missed the notification of this post.

Check this:

1. If landing_page_html->url is hosted on a foreign domain, every browser blocks iframe traffic. Remedy: The foreign domain user must add your domain as trusted domain to there server settings. Than will send a header include your domain to iframe and the browser accept traffic.
2. If landing_page_html->url on the same domain, the safety settings of the server could prevent this.
3. One option is as from @applab that WAF is blocked. 
4. The server of the foreign domain accept only certain user agents
5. You can alternatively test the HTML-Object Tag.

[applab]

@Matzn although the OP didn't specify, I'm assuming that the included content is coming from the same domain and therefore it's not a cross-origin problem, @Liam88 let us know if that's not the case.

@Matzn's #5 suggestion is worth a try, you can use either <object> or <embed> instead of <iframe> but you can't populate it using a literal chunk of HTML, which is what I assume you're getting from `<?=$page->landing_page_html?>'`, you'll need to provide a URL that returns the content, so something like...

<div>
    <embed type="text/html" src="<?= $pages->get('/landing-page/')->url ?>" width="600" height="400" />
</div>

or

<div>
    <object type="text/html" data="<?= $pages->get('/landing-page/')->url ?>" width="600" height="400"></object>
</div>