Answer the question
In order to leave comments, you need to log in
M
M
makar042021-06-21 19:17:54
makar04, 2021-06-21 19:17:54
Why is sending the authorization form and redirect to Iframe blocked?
Good evening! There was a task to write the expansion in Google Chrome.
By clicking on the extension, on the page of any site, an Iframe opens with a form that is loaded from another site.
If the user is not authorized on the site that is loaded in the Iframe, the authorization page opens first and after authorization, a redirect to the required form occurs inside the Iframe.
On most sites, no difficulties arise and the user logs in and redirects to the desired page without any problems, but on Yandex services, content is blocked as soon as the submission occurs.
The Iframe has its sandbox attribute set to allow-scripts allow-forms.
Tried to insert in header 'Content-Security-Policy: frame-src https://*.yandex.ru' Unfortunately, it didn't help either. I'm
attaching a screenshot with blocked content on the Yandex Market website:
A screenshot from the console that shows the error "Content Security Policy of your site blocks some resources", swears at the frame-src directive:
Please tell me what can be a problem and how to bypass the lock?
1 answer(s)
@strelok011
S
strelok011, 2021-06-21 @strelok011
You will not be able to bypass blocking due to CORS (Cross-Origin Resource Sharing) settings. It is configured on the server side.
There are sites specially configured to provide such access, usually these are some kind of widgets for sites.
Dreams of "opening the form of any other site on any site" are forbidden (fortunately) in all modern browsers, otherwise the theft of money and personal data would not be deterred.
https://developer.mozilla.org/en/docs/Web/HTTP/CORS
Similar questions
V
A
K
N
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question