Are iframes a terrible idea? [closed]


No, nothing wrong with iframes. Iframes are probably a better idea if you're going to start serving third party content.

The upcoming HTML5 spec also plans to build more security features into iframes for situations like this, so I would consider it good practice to use them now also.


Before XMLHTTPRequest became widely used, people were using a combination of JavaScript and iframes to serve up content in a dynamic fashion without doing full page refreshes.

There's lots of information about developing sites this way, so you should have a relatively easy time of it finding workarounds to a lot of the snags that you are likely to hit.

The one thing that I have found to be a pain is cross-domain use of JavaScript in iframes. If the page you embed in the iframe is from a different domain than the "parent" page, browsers have security restrictions against letting you access one from the other. The trick is for both pages to declare

document.domain = 'somedomain.com';

There's plenty of stuff on the Web about this kind of workaround.

Good luck!
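
An added example, not part of the answer above: when the parent page and the embedded page are on unrelated domains, so no shared `document.domain` value exists, the standard `window.postMessage` API lets the two talk, provided the receiver checks the sender's origin and validates the data. The origins, message types and element id below are hypothetical.

```javascript
// Added example: origin-checked cross-document messaging for a parent page
// that embeds a third-party iframe. All origins, message shapes and the
// element id below are hypothetical.

// Origins the parent is willing to hear from (exact scheme + host + port).
const TRUSTED_ORIGINS = new Set(['https://widgets.example.net']);

// Message types the parent understands, with a validator for each payload.
const HANDLERS = {
  resize: (p) => Number.isInteger(p.height) && p.height > 0 && p.height <= 5000,
  ready: () => true,
};

// Decide what to do with a MessageEvent-like object ({origin, data}).
// Returns {accepted, reason}, plus the validated message when accepted.
function checkMessage(event, trusted = TRUSTED_ORIGINS) {
  // 1. Exact origin match; substring or endsWith comparisons would also
  //    accept lookalikes such as https://widgets.example.net.other.test.
  if (!trusted.has(event.origin)) {
    return { accepted: false, reason: 'untrusted origin' };
  }
  // 2. Treat data as untrusted input even from a trusted origin.
  const msg = event.data;
  if (msg === null || typeof msg !== 'object' || typeof msg.type !== 'string') {
    return { accepted: false, reason: 'malformed message' };
  }
  // Own-property lookup so names like "constructor" are not treated as types.
  const validate = Object.prototype.hasOwnProperty.call(HANDLERS, msg.type)
    ? HANDLERS[msg.type] : null;
  if (!validate) return { accepted: false, reason: 'unknown type' };
  if (!validate(msg.payload || {})) {
    return { accepted: false, reason: 'invalid payload' };
  }
  return { accepted: true, reason: 'ok', message: msg };
}

// Browser wiring (skipped when run outside a browser, e.g. under Node).
if (typeof window !== 'undefined') {
  window.addEventListener('message', (event) => {
    const result = checkMessage(event);
    if (!result.accepted) return; // drop; log the reason in real deployments
    if (result.message.type === 'resize') {
      document.getElementById('widget-frame').style.height =
        result.message.payload.height + 'px';
    }
  });
}
```

The embedded page should likewise pass the parent's exact origin, not `'*'`, as the second argument of `postMessage` when it sends.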


One thing I discovered recently is that .aspx pages embedded inside iframes sometimes have problems with losing cookies, which led to lost session state in an application I was involved with.

For me, it was in a scenario where a different development shop was consuming one of my .aspx pages in their own page. This means we were on separate servers, which may or may not be salient.

Apparently this was caused by the parent page rejecting cookies for the child page... As goes the session cookie, so goes the session.

The specific mechanics of how this works are a little involved: More Details

This problem did not impact Firefox, but it did show up in IE7 and it was a real mystery for a few hours.

Also, I have to contradict the article I linked to above on one point. The article says that you don't get this if the containing page is also an .aspx... In this case, that was not true because both pages were .aspxs.

That casts some doubt on everything else the article says about this situation, but it did lead to a resolution, so that's something as well.

As the article suggested, I put in the following code, which injects a p3p (Privacy Preferences Project - I had never heard of it) header in the page's Init event:

HttpContext.Current.Response.AddHeader("p3p", "CP=""IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT""")

...And that fixed the problem.