0

This is really, really weird. I developed a site offline using Apache / Strawberry Perl / Firefox. It displays data in object tags as expected, calling data from external sites.

Upload the code to server, and it will display objects where the code is on the same site ... but refuses to "pull" in data from other domains, (which I own)

If you try "http://demo.coadmem.com/members" and click on a circle on the left, a product listing appears, (served from same domain) but the ones from "cbwizard.cristofayre.com" and "cristoafayre.com/poppa" on same page refuse to appear. Yet when I set up a test using YouTube, it loads OK.

I asked the host if there was some sort of "block" that stopped the objects from loading external site, and of course their response was "we can see no problems reported in the error logs".

Also, at "http://coadmem.com/admin", there is another object at the top - which works fine offline, but from server displays a white empty "about" bar!!.

Here are two of the codes I'm using: (the cb-wizard one uses a bit of javascript to select a random keyword; too much to add here, so please view source code. Anyone see a glaring error as to why it won't work online?

    <object data="http://www.cristofayre.com/cgi-bin/poppa/banner_ad.pl?u=1:aa00" width=480 height=90></object>

    <object style="position:fixed;top:0px;width:100%;height:20px;" width="100%" height="20px" data="http://www.cristofayre.com/cgi-bin/admin_ad.pl?t=w"></object>

I know the scripts work, 'cos if you type the data line into a browser, the correct HTML is displayed; it just refuses to appear when on the server!

I'm wondering if there is some sort of "list" that the host might be applying that allows the majors such as Google / Youtube to be loaded into iframes / objects, but disallows 'minor' sites. (The suport team didn't seem to know anything about such a list)

** I also wondered if the "same-origin" policy is coming into play, but surely it shouldn't as that defeats the whole point of using iframes and objects in the first place.

Cristofayre
  • 121
  • 1
  • 11
  • Which specific links on the left on the demo page are the problematic ones? – Reinstate Monica Cellio Feb 23 '16 at 12:24
  • Duplicate? http://stackoverflow.com/questions/22534282/object-tag-with-pdf-doesnt-work-in-firefox-and-is-messed-up-in-ie – mplungjan Feb 23 '16 at 12:25
  • 1
    You have a CORS problems. There are two errors. GET http://demo.coadmem.com/cookie_tick/style.css about:blank:1 Refused to display 'http://www.cristofayre.com/cgi-bin/poppa/banner_ad.pl?u=1:aa00' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'. –  Feb 23 '16 at 12:28
  • Jeff, I dunno how you discovered that the frame set X-frame-Options to 'SAME-ORIGIN' ... but you're 100% correct. Another support person told me to create a .htaccess file, and use "Header always unset X-Frame-Options" and - whatever it does - it lets the objects display the items as they should do. So I'm a happy bunny again! – Cristofayre Feb 23 '16 at 16:42
  • Archer: The problematic links were ... all of them! They all only displayed the one file rather than the three that should be showing. But between Jeff and the GreenGeeks support team, we have resolved the issue. – Cristofayre Feb 23 '16 at 16:45

1 Answers1

2

I was "sort of" right. It wasn't that certain URL's were being blocked, rather that the frames were set up ONLY to show data that originated from the same domain as the browser was set too, (don't ask me how the YouTube iframe circumvented this rule, but there you go!)

As you can see from the above comments, the solution was to create a .htaccess file and use the command "Header always unset X-Frame-Options" which in simple terms (that I can follow) is saying "Whatever the header for the X-Frame-Option is set to, ignore it! and display the data anyway"

Perhaps this might help someone in a similar dilemma. It was certainly baffling as to why the ActiveState / Strawberry Perl version worked OFFLINE, but not online.

Cristofayre
  • 121
  • 1
  • 11