Embed website with iframe in meteor cross domain

Question

A little problem, I could not find a solution for:

The meteor application works in a local network: Served on app.local:3000
A website (Wordpress, Apache) will be the iframe src

So this is what it looks in meteor:

<template name="test">
    <style>
        body { margin: 0; }
        iframe { display: block; background: #000; border: none; height: 100vh; width: 100vw; }
        </style>
    <iframe src="http://mllnm.de/wp-api" frameborder="0"></iframe>
</template>

But as I expected:

Refused to frame 'http://mllnm.de/wp-api' because it violates the following Content Security Policy directive: "default-src 'self' http://.googleapis.com https://.googleapis.com http://.gstatic.com https://.gstatic.com http://.bootstrapcdn.com https://.bootstrapcdn.com". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback.

So what .htaccess-settings/PHP-headers do I have to set to allow embedding mllnm.de on an foreign domain?

Note: http://mllnm.de/wp-api is just an example page.

score 1 · Accepted Answer · answered Oct 21 '15 at 00:47

1

This Meteor blog post describes the browser-policy package.

The package can be installed with:

$ meteor add browser-policy

Using this package you need to set:

BrowserPolicy.content.allowFrameOrigin("http://mllnm.de/wp-api");

to allow http://mllnm.de/wp-api to be framed.

There is no PHP in Meteor. .htaccess creates access rules that govern how your site can be accessed, not what other sites it can iframe.

answered Oct 21 '15 at 00:47

Michel Floyd

18,793
4
24
39

Oh, I just thought I had to set something on the iframe-server-side - thank you very much for this help! – CodeBrauer Oct 21 '15 at 07:09

Embed website with iframe in meteor cross domain

1 Answers1