872 comments found.
Hi there we added an iframe on this page: https://www.readystartbusiness.com.au/finance/
but want to hide the form header as shown in this screenshot: https://prnt.sc/7q1XTyZxYsvH
How do we do that?
Hi, Please see the FAQ I have written about this topic:
https://www.tinywebgallery.com/blog/forum/advanced-iframe-faq/how-can-i-show-only-a-part-of-the-page-in-the-iframehi,
I use the purchased license code on one DEV-domain. How can I deactivate that license, delete the DEV site, and use the license on the live site ? So I only use the license on one domain.
You can simply use it on the live site. dev sites are internally not counting.
hi,
Keeping cookie session on Iframe clicks works with this code:
<rule name="Add SameSite, Secure, and Partitioned">
<match serverVariable="RESPONSE_Set_Cookie" pattern=".*" />
<conditions>
<add input="{HTTPS}" pattern="on" />
</conditions>
<action type="Rewrite" value="{R:0}; SameSite=None; Secure; Partitioned" />
</rule>
However, we want to make it more secure, and ONLY allow 1 domain to do this.
We tried this code, but then the cookie session is not kept anymore. What do we do wrong ? The parent site is something like https://www.testsite.be/abc/
<rule name="Add SameSite, Secure, and Partitioned for one domain">
<match serverVariable="RESPONSE_Set_Cookie" pattern=" testsite\.be" />
<conditions>
<add input="{HTTPS}" pattern="on" />
</conditions>
<action type="Rewrite" value="{R:0}; SameSite=Lax; Secure; Partitioned" />
</rule>
The parent website is on a subdomain folder: https://www.testsite.be/abc/ I changed the code on the child-domain to this, and it still does not work. However, this is needed for security!
<rule name="Add SameSite, Secure, and Partitioned for https://www.testsite.be/abc/">
<match serverVariable="RESPONSE_Set_Cookie" pattern="^https://www.testsite.be/abc/$" />
<conditions>
<add input="{HTTPS}" pattern="on" />
</conditions>
<action type="Rewrite" value="{R:0}; SameSite=None; Secure; Partitioned" />
</rule>
*Isn’t it possible that I use this code, which was succesfull in keeping the coookie session between iFrame clicks. But that I add aonther rule AFTER this code, to ONLY ALLOW iFrame requests or even views from https://www.testsite.be/abc/?*
<rule name="Add SameSite, Secure, and Partitioned for one domain">
<match serverVariable="RESPONSE_Set_Cookie" pattern=" testsite\.be" />
<conditions>
<add input="{HTTPS}" pattern="on" />
</conditions>
<action type="Rewrite" value="{R:0}; SameSite=Lax; Secure; Partitioned" />
</rule>
So adding something like this to only allow ONE PARENT domain ?
<IfModule mod_headers.c>
<if "%{HTTP_REFERER} !~ m|^https://www.testsite.be/abc/|i">
Header set Access-Control-Allow-Origin "https://www.testsite.be/abc/"
</if>
<if "%{HTTP_REFERER} !~ m|^https://www.testsite.be/abc/|i">
Header set Set-Cookie "SameSite=Lax"
</if>
</IfModule>
Sorry for this third message, but could this code be the solution to restrict it to only parent site https://www.testsite.be/abc , and prevent security issues like (Cross-Site Request Forgery – CSRF) ?
<rule name="Add SameSite, Secure, and Partitioned, and use parent domain condition">
<match serverVariable="RESPONSE_Set_Cookie" pattern=".*" />
<conditions>
<add input="{HTTPS}" pattern="on" />
<add input="{REQUEST_URI}" pattern="^/abc(/.*)?$" />
</conditions>
<action type="Rewrite" value="{R:0}; SameSite=None; Secure; Partitioned" />
</rule>
I have not restricted this to one domain only. Have you tried HTTP_REFERER ? REQUEST_URI is normally the url of the iframe – not the parent.
Your very short stackoverflow answer does not work at all as it redirects. You should at least be able to offer a SECURE solution for you iFrame, right ?
Can you please investigate this in-depth, as otherwise your system exposes websites to clickjacking hacks (CSR) !
I have no solution to implement your system safely, and this is one of the groundrules of Codecanyon: code safety
So please add some more effort into this crucial aspect, which will benefit other users also.
So can you correct my last server code to only allow 1 parent-website?
Maybe we need code which adds this in the header ?
X-Frame-Options: ALLOW-FROM https://www.testsite.be/abc
Or this one is better and more supported ?
add_header Content-Security-Policy “frame-ancestors https://www.testsite.be/abc;";
My answer was only that you should try HTTP_REFERER instead of REQUEST_URI. Stackoverflow was only showing that this value exists.
My plugin does not exposes any security issues. I’m not responsible for your cookies. Cookies are not part of my plugin. The cookies belong to your website. And the support for cookies are restricted by the browsers – no me. So if you like to use cookies inside an iframe you have to add SameSite=None; This is a rule by e.g. chrome. Not me.
So you should simply check your cookies if you have a issue at all. I normally design cookies which contain data everybody can see or keys where only the server internally can do something.
Coming back to help you here. My next idea would also be to use X-Frame-Options or a CSP header.
ALLOW-FROM is not really supported: https://caniuse.com/mdn-http_headers_x-frame-options_allow-from – only IE11 is supported
Content-Security-Policy “frame-ancestors is the better choice https://caniuse.com/?search=%20Content-Security-Policy%20frame-ancestorsSo for you I recommend to add both settings to support the widest range of browsers.
Best regards, Michael
hi,
I embed an external websites that consists of several pages.
On the first iFrame page a session-cookie is set (which has an unique number).
The issue is that when clicking inside the iFrame on page 2, the session set in page one is not kept!
how to fix this please ?
Please see this page: https://www.tinywebgallery.com/blog/advanced-iframe/advanced-iframe-pro-demo/how-to-use-the-samesite-cookie-fix
Cookies in iframes are only supported if they are secure + SameSite=None.
This is new since last year. So you need to adopt the cookies of your page in the iframe. See the page to change this in the server without changing the application.
Best regards, Michael
awesome! Works like a charm now. What super plugin 
Just a dumb question:
Does this has to be put on the parent website with the <iframe>, or on the child-site that is embedded ?
Header edit Set-Cookie ^(.*)$ $1;Secure;SameSite=None;Partitioned Header set X-Frame-Options ALLOWALL
In the embedded page in the iframe.
hi,
GREAT plugin !!
How can I whitelabel the URL to ai_external.js ?
I want to send this js-url to the owner of the external website, but hiding the original PLUGIN URL where he can see we use iFrame Pro (for security & privacy reasons).
How can we do this without using a plugin like “WP hide” ?
Thanks
You can simply copy ai_external.js to a different place. You have to enable multi site in the settings because otherwise the file is bound to your domain.
The drawback is that no settings can be changed anymore. ai_external.js is normally rendered with the new settings when you press save in the administration.
Best regards, Michael
hi ok, thanks!
1/ What’s bizarre, is when I include (with the normal path) the minified file ai_external.min.js, it does not work. It only works when I include the uncompressed ai_external.js. Why is that ?
2/ Can I omit this path line to the plugin from the javascript ai_external.js, for whitelabeling & security ?
if (typeof domain_advanced_iframe === ‘undefined’) { var domain_advanced_iframe = ’//www.testwebsite.be/wp-content/plugins/advanced-iframe’; }
So I just need an option to whitlabel this plugin, so the recipient can’t identify this by opening the JS file. thanks
1/ I do not know why. Normally this 2 files are generated at the same time. 2/ This variable is needed if you do not use postMessage for communication. Otherwise you can simply set this to an empty string.
thank you. PLease keep the uncompressed ai_external.js. Certainly keep it also in futur updates of the plugin, as this is really the only one that works for me. The automatically compressed ai_external.min.js does not work for url parameters from parent to iFrame (only the uncompressed works).
When I manually compress ai_external.js, I have a compressed version that works ok. So my guess is there is an issue with your JS compressor …
But anyhow, I got it working, I am very happpyyyyy and highly recommend your plugin 
The uncompressed is actually the default. If you say it is brocken it seems you are the only one using it. Can you provide a link to the broken version? I would like to check what is wrong. Best regards, Michael
Hi we want to add an iframe for a finance portal on our website : https://consumer.zink.com.au/v1?cta_guid=10d06fba-fa02-42db-bef6-81d13424240e&broker=648&ref=4516&page_id=67970699568&loan_asset=Personal
However we want to hide the header or even replace it with our logo. How do we do that?
Tried to use the Advanced IFrame Pro area selector but its very complicated
We embedded it here fine https://www.readystartbusiness.com.au/finance/ but wanted to not show header in iframe
Hi, Can you please explain what the problem with the area selector is?
https://www.tinywebgallery.com/blog/advanced-iframe/advanced-iframe-pro-demo/show-only-a-part-of-the-iframeYou go to the selector: https://www.mdempfle.de/examples/configurator/advanced-iframe-area-selector.html add your url and select the area you like with the mouse.
Best regards, Michael
hi,
I just bought your awesome plugin
On my main website with iFrames I have 3 pages. On each page a different iFrame is shown, which shows a different url, from the same external domain.
I have these questions:
A // I want to be able to send only ONE script to the external domain, which is hosted on my own website. In that script I want to include the ai_external.js. BUT I want to have three conditional statements: 1.if the external URL ends with /abc, include those specifiek variables (for example var iframe_url_id = “ai_id”; var iframe_content_id = ”#iframe-content”; etc) 2. if URL ends with /def, include those variables 3… So this way the external website only needs to host one script link on alle pages, which resides on my website, so I can change it very easily. So is this possble, that this one script can define different var’s, conditionally fired by the external website url paths ?
B// Can certain links in the external website be changed, so they point to the main website url with a parameter ?
C// Can a part of the iFrame content be used, to show in the main website ? So let’s say a H1-content from the iFrame, can this text be used outside the iFrame as real text ?
Thanks !
A – for this I have a template in the js folder. There you can do exactly such a switch. Please check it if this fits for you.
B – links can be changed. See a working example here: https://www.tinywebgallery.com/blog/advanced-iframe/advanced-iframe-pro-demo/change-links-targets
c – yes. if you can use ai_external.js please see here: https://www.tinywebgallery.com/blog/advanced-iframe/advanced-iframe-pro-demo/external-workaround-with-post-message
Best regards, Michael
hi,
I was testing your demo: https://www.tinywebgallery.com/blog/advanced-iframe/advanced-iframe-pro-demo/add-iframe-url-as-param-remote-domain-urlrewrite
However, when clicking in the iFrame on page 1, page 2, page 3, it does not work as expected: - sometimes the parent page url is changed, sometimes not - after clicking a few times on one iFrame url it changes, but quite random - when clicking on “page 1”: nothing in the iFrame parent url is changed, when clicking a few times on “page 3” it shows a strange url, which keeps even when I click on “page 1” again.
So this function is what I need, but unfortunatley it works very buggy.
I tried other demo’s you have there, with the same buggy, untrustworthy functions: sometimes it works, sometimes it doesn’t, after clicking a few times it might show and does not change when clicking on another iFrame link, etc
Can you elaborate on those issues please ?
Thanks Janice
Hi,
Please see what I have written on the page:
add_iframe_url_as_param_prefix=”hashrewrite” – enables that the the url is saved in the database and an id is added to the url like /iframe/X. The change in the url is a little bit delayed as there is an additional Ajax call to the server.
And the “strange” url is the hash configured. As there are only few links the “hash” is only one character.
As this urls are generated on the server there is nothing I can do if you click faster then the server answers. So this is no bug. Only the delay of the server. I can maybe check if you click another link that the result of the request before is ignored.
If you do not like this you have to use one of the options that do not use hash or hashrewrite. All other url rewrite links work in the browser with javascript and the links are replaced right away.
Best regards, Michael
hi,
Ok I see, then I might go with the Javascript-solutions which work better indeed
If in the iFrame the user logs into an external site, will that “session-cookie” maintained between different main-website-pages wit different iFrames from the same external domain ?
Thanks
This is normal browser behavior. If a cookie is available for a domain it is sent by the browser. You have to make sure the cookies work in the iframe! See https://www.tinywebgallery.com/blog/advanced-iframe/advanced-iframe-pro-demo/how-to-use-the-samesite-cookie-fix
Best regards, Michael
Hi, I have a contact form on my main site and I’m looking for a solution to embed it in my second site. Basically I want my second site to use the contact form from my main site. Is it something this plug can help? Any suggestions would be greatly appreciated.
Have you checked that the form also work in an iframe properly. If yet then the plugin can help you.
You can do a quick test here: https://www.tinywebgallery.com/blog/advanced-iframe/free-iframe-checker Example: https://www.tinywebgallery.com/blog/advanced-iframe/advanced-iframe-pro-demo/external-workaround-with-post-message#e51Is an example where elements which you do not like are hidden and you have also have auto height so it scales properly.
Best regards, Michael
Thank you so much Michael. We installed the free version from wordpress.org to learn how it works. Right now one issue we are facing is that the message box is a textarea box and the user can resize the box. If the height of the message box is increased by the user, a scrollbar will show too. see https://ibb.co/xYmbcBn I understand that it is normal because we set the iframe height to 600px, but does the plugin provide a way to restrict the scrollbar from showing? If this question is more suitable for wordpress.org, we will post it there instead but I was just wondering if this involves a pro feature so that is why I asked here first. Again, thank you and any suggestions would be greatly appreciated.
Just wanted to clarify… if the scrollbar is disabled, I’m afraid the Send/Submit button below the message box button will also “disappear” if the user increases the height of the iframe, correct? If so, I think I probably didn’t explain myself right. What I meant should have been that how to AUTOMATICALLY increase the height of the iframe (so the scrollbar won’t show) if the user increases the height of one of the elements, in our case, the message box. Thank you.
Are you able to use the external workaround? Means then the iframe can resize to the new height once the content changes.
See https://www.tinywebgallery.com/blog/advanced-iframe-resize-to-content-summary
A working example where the content is changing without a page reload. https://www.tinywebgallery.com/blog/advanced-iframe/advanced-iframe-pro-demo/resize-on-element-resize#e27Best regards, Michael
Hi Michael, we own the parent domain so we can easily add the script you mentioned to the html header of the parent site. I read through the helpful documents but unfortunately still couldn’t fully understand it, especially the concept of “id”. Can you please help us set it up? Honestly, we made a special contact page just for this purpose and there is no header, footer, sidebar but only a simple contact form.
You can stick to the default id. So you add the script and configure everything in the administration.
Best regards, Michael
Hello, is there a way using your plugin to embed an iframe of a page translated by google translate or other services please? Thanks
Hi, The plugin itself can not translate. Have you tried to use google or bing translator to create a iframe link that generates a translated page?
yep I know that plugin doesn’t translate but it seems that google translate is not simple to iframe… any experience? Thanks
Sorry, No experience here. e.g. https://www-tinywebgallery-com.translate.goog/blog/?_x_tr_sl=auto&_x_tr_tl=fr&_x_tr_hl=de&_x_tr_pto=wapp does not work in an iframe because of security constraints.
Hi, I am interested in your product to use for a specific purpose but can not see in your screenshots samples, if it will work.
In my platform I have created a function to create multiple internal sub-pages.
I am looking for something where I can call the other websites to display via an iFrame (embed) on these internal sub-pages, but these websites need to display with 100% height and width of each page on display.
So when a user opens the sub-page and lets say a websites Home page displays they are able to see the Home page without it having a Page scroll bar, within a scroll bar on the sub-page.
Plus if they go to the About Page, the system makes sure the Height adjust accordingly.
I also need to be able to create multiple iFrames for a lot of sub-pages without restrictions.
About your multiple iframes: multiple on one page or different iframes on different pages. If you use several iframes like my example the config is a little bit more complicated as each iframe needs its unique id everywhere.
Best regards, Michael
Hi, thank you for the reply.
Basically I am trying to embed a website into an iFrame that can automatically adapt the height as users interact on the website via the specific iFrame.
Meaning, lets say I have Website-1 as my main website with its own Header and Footer, but the iFrame will be placed as the body of on Website-1.
Then Website-2 will display via the iFrame.
Now Website-2 will need to display with 100% height showing its Home Page. As the user clicks for instance the About Us or Contact Page and it opens in the iFrame, the iFrame needs to adapt the height (seeing that the About and Contact pages not being same height as Home Page)
At the end it will allow Website-2 to display fully and remain responsive without adding a right hand scroll bar if some sub-webpages height are more or less.
The front end user will only see Website-1 Header and Footer with Website -2 opening all its pages as the user browses but the Footer will move up and down below the iFrame as they navigate via the iFrame looking at Website-2.
With all Website-2 pages showing with 100% height, but the iFrame needs to ensure that it adapts accordingly.
So what is the difference to the first question? Please read https://www.tinywebgallery.com/blog/advanced-iframe-resize-to-content-summary how auto height can be configured.
Is there a way for us to communicate via email and not this comment section. Then I can supply the Url I am testing with and you can maybe insert it into the iFrame you are mentioning.
Easier to then illustrate what I am referring to and if it does work as required, then I will purchase the script
Simply go to the support tab. There you find the e-mail contact and the link to the forum. Please also see there what is included in support. It is also no problem that I do it for. I offer also paid support where I do installations and customization.
Best regards, Michael
Hi. Sent you an email. Thank you
I already replied.
Hi there, any updates regarding your website downtime? I would need some instructions regarding responsives etc. or do you have a backup somehwere else running with the docs? Thank you
I already called the hoster and they opened a priority ticket. My webspace seems to be fine. It seems there is a issue with the server itself I cannot do anything 
.
Please note that the docs are in the plugin directly! The demos are unfortunately only available on the website.
If you have any questions please ask them here. I will try to answer them asap.
Best regards, Michael
About responsiveness. What is your issue. Do you like auto height? In the administration is a search where you can find the solution for the same domain (advanced tab) or for different domains (external workaround tab)
Best regards, Michael
ok thanks i will have a look btw strato is one of the worst hosts i think in germany -> checkout hetzner its way better. I guess the site is on a shared hosting.
I’m also very unhappy now with them. Had no issues for years and now it is almost 3 days and nothing is solved yet. I already called them 3 times – still no progress.
Website is back…
Your website for instructions is down. I just purchase this program and can not get to the website for the instructions.
Hi, I already contacted the hoster strato.de, which is one of the biggest hoster in Germany. I hope the website is back online soon.
Documentation of each parameter are included in the plugin. Please go to the administration of advanced iframe for this.
Sorry for the inconvenience.
Best regards, Michael
If you have any questions until the website is back please simply post them here. I try to answer them asap.
Best regards, Michael
I am just trying to change the css of the iframe. https://www.salonvision.com/adayawaysalonandspa/GiftCertificatePop.aspx I just need to change the blue to red.
This is an external website.
if you want to change something inside the iframe you need to use the external workaround. Please see the “external workaround” tab in the plugin. There you see which line of code you need to include to the external site. Once you have done this you can change css also inside the iframe.
Best regards, Michael
website is back.
Hello Michael, I know my support has expired but will appreciate it if you can give me a heads-up on this: I have embedded a woocommerce bookable product page inside a page. The product page is on the same domain. I need that, when a user makes a booking from the product page, the client should be redirected EXTERNALLY to the cart or checkout page. It shouldn’t open within the iframe. The reason i don’t want it to open within the iframe is because once user is on the cart page, there’s no way to go back on the product page. Thanks for your help
Hello Michael, any heads-up to my question? Thanks
So you like to change the target of a link/form at a certain place?
Please check if this can help you: https://www.tinywebgallery.com/blog/advanced-iframe/advanced-iframe-pro-demo/change-links-targets#e11
Hi I saw that before, the problem is I can`t manually change the link since this is controlled by woocommerce code.
Oh! No worries, man, now it’s working:) I have added this part to my shortcode:
change_parent_links_target=”a#link1,a#link2|bold” change_iframe_links=”#iframe-navigation a,form” change_iframe_links_target=”_blank” change_iframe_links_href=”append~?conf=1”
And now it’s working. Looks like before i was missing out something. Thanks for the support. Amazing plugin you got.
cool. Glad it works.
I want to use 3rd websites for iframe , should i use external workout? Also how can i do auto rezise.Website is full responsive.
Yes. You should use the external workaround.
Best regards, Michael
After i do iframe , people can understand website is iframed from source code? I mean what’s difference if i use only iframe html code.
Sorry. What do your mean?
Best regards, Michael
Please halp me how to iframe https://www.grammarly.com/, try notif www.grammarly.com refused to connect.
Hi,
this page has header which prevents to be included:
Content-Security-Policy: frame-ancestors ‘self’ *.grammarly.com
This means only grammarly.com can include this page.
Best regards, Michael
Hi, is there a way to embed YouTube video, when “The owner of the video has disabled playback on other sites”?
I think this is blocked from YouTube side then. I do not know how they prevent the playback. Still as my plugin simply displays the content it gets also in an html iframe there is nothing this plugin can solve.
Best regards, Michael
Hello,
I have discovered in googles page speed analysis that google needs a description of the content from the iframe, see here: https://ibb.co/wwFRGcd
How can I solve this?
Hi, The page Is not loading for me right now. I’m on a bad internet connection. I try tomorrow again and let you know.
Hi, I tried today again and it is selling me the site does not exist. Can you check please and send a updated link if possible?
Hello. Does the plugin work to insert a registration form from another website with anti-bot functions like Captcha? I am currently using the free one but I cannot register because I get an error in the Captcha.
I. I do not think the pro version will solve this issue. I expect that your form needs cookies and they do not work in an in an iframe. Please see https://www.tinywebgallery.com/blog/advanced-iframe/advanced-iframe-pro-demo/how-to-use-the-samesite-cookie-fix. You can check in the browser console if you are affected. There the cookie issue is logged.
Best regards, Michael
NEW88
