Social Media sites preventing other sites displaying their pages in an iFrame
Last week at work we noticed that if you try and display a YouTube page in an iFrame you are shown a page stating that this is not allowed. A link is shown that takes you direct to the page. We looked at other social media sites, both Facebook and Twitter also do this.
I have two questions. One how is this done? My guess is it's a check something lik开发者_高级运维e:
if(window != top){
// display 'error' page
}
The other question is why is this done? My first thoughts were maybe it was to do with security but the more I've thought about it, the more I think it's a legal thing or a marketing decision.
Websites don't want other websites stealing their content. I remember implementing something like this as far back as in the nineties. You pretty much answered your own question. However, it is also a security issue. At least with Twitter, there used to be some malicious sites, which would do the following:
- Make some bs website with something about tweeting or posting something, showing some kind of form.
- Include an iframe pointing to http://twitter.com/share?text=SPAM_TEXT_HERE
- Position that iframe into a place where a button for the bs site's form would be.
- Scroll the iframe so that only the "Tweet" button shows from the iframe.
This way they would get people tweeting their spammy tweets.
the problem is in youtube policies, I give you the official answer by youtube's David Boyle and the correct embed options on api' s page https://developers.google.com/youtube/player_parameters?hl=it
Hello YouTube API Developers,
This Wednesday, January 12, the YouTube.com web team will be
implementing a change to prevent websites from including the www.youtube.com
website on their pages via an <iframe>
(or <frame>
). Following this
change, an <iframe>
pointing to www.youtube.com will cease to display
the YouTube web site, and instead will display a blank page.
While this change isn’t directly related to the YouTube API, we did
want to announce this change in advance on the off-chance any YouTube
API developers out there do include www.youtube.com on their site’s
pages via frames. We also wanted to make clear that this change is not
meant to affect the official <iframe>
YouTube video embed API
(described at http://apiblog.youtube.com/2010/07/new-way-to-embed-youtube-videos.html),
which should remain fully operational. It is only intended to affect non-embed API usage.
If you’ve been including www.youtube.com on your pages because you were not sure how else to embed videos, this YouTube Help article details the official methods of embedding:
http://www.google.com/support/youtube/bin/answer.py?hl=en&answer=171780
Best Mario
精彩评论