I am deploying an <iframe> on a page on Site A as a quick and simple way to display a fragment from a complex page elsewhere on Site A:
<iframe src="http://site-a.com/complex-page/"></iframe>
Nothing displays in the <iframe> on Site A.
http://site-a.com/complex-page/ in the browser and the page displays normally.<iframe> by using http://site-b.com/complex-page/ as the source and the <iframe> displays the external page on (external) Site B, as expected.<iframe> by using http://site-a.com/complex-page-2/ as the source and, once again, nothing displays in the <iframe>.So... this is clearly something to do with Site A, if the <iframe> on Site A is not displaying any of several pages on Site A, but it is showing any of several pages on Site B.
This clearly isn't a same-origin issue - Site A is the same origin as Site A.
So what is preventing the displaying of the external page on Site A?
Additionally:
If I Right Click > This Frame > View Frame Source then I can see the HTML Source of the document loaded by the <iframe>... but whatever content or styles I add to the document, nothing displays.
That suggests the <iframe> is successfully accessing the page but then (for some reason) failing to display it.
Supporting information: The site is built with PHP server-side and with HTML5, CSS3 and Javascript client-side.
This problem was a little easier to solve, once I had understood that what I was facing was an X-Frame-Options issue.
Apparently X-Frame-Options can have three values:
DENYSAMEORIGINALLOW-FROM [URI]X-Frame-Options can be set in an .htaccess file using any of the three values above.
In this case I needed to add the following lines to my .htaccess file:
# HEADERS
<ifModule mod_headers.c>
Header set X-Frame-Options "SAMEORIGIN"
</ifModule>
Thanks to this page:
[Iframe] X-Frame-Options : website does not permit framing
http://techdc.blogspot.co.uk/2015/04/iframe-x-frame-options-website-does-not.html