Sun 22 Oct 2006
While recently looking into Google Gadgets and pondering on the possibility of an open gadgets API that allowed you to place gadgets on your own site that were hosted elsewhere, I came up with a method that can be used for resizing IFrames where the page within the IFrame is hosted on a different domain.
A simple search for “resizing iframes” on Google returns 581,000 results, and the first one that I found gave a perfectly reasonable method for resizing iframes when all the content is stored on a single domain. Unfortunately due to the security restrictions in modern browsers, JavaScript in a page hosted on one domain cannot access a page hosted on an alternative domain, even if you really really want it to. But there is a way to allow communication.
So first, before I describe the solution I’ll mention a caveat - this solution relies on the page in the iframe doing something. This means you can’t have resizable iframes for just any content - either you have to have control of the content in the iframe or its owner has to make functionality available to you, but I think that’s a good security restriction. You have to trust the content you’re linking to if you’re going to implement this.
So - on to the solution. Put an iframe in your iframe. That’s it, that’s all you need to do. Come back next week for how to make Windows completely safe from viruses and Mac OS popular………..
What? You want more details? How about if I tell you to make the inner iframe link to something in the main window’s domain, does that help?
The diagram above aims to show you what I mean by this. You can also see this example in action. The main page in the example is served by the host mcknut.googlepages.com. It in turn has an iframe on it with some content from www.johnmckerrell.com. The three links inside the iframe try three different methods for resizing the iframe.
- The first link tries to simply access the parent window directly. This will not work on any modern browsers as it will be flagged as a security violation.
- The second link tries the best solution. There is a hidden iframe inside the main iframe. When you click on the second link iframe-resize1.html is loaded into the hidden iframe from mcknut.googlepages.com. iframe-resize1.html is passed a height value from the main iframe and then using JavaScript can access the main window, instructing it to resize the iframe. This is not flagged as a security risk because the domain of the page in the hidden iframe is the same as that of the main window.
- The third link tries another alternative which also works, but is slightly more cumbersome. This version loads the resizing page in the main iframe. The resizing page is served from the same domain as the main page and calls some JavaScript on the main page to resize the iframe. It then uses a callback mechanism to return the iframe to the original page. This is more cumbersome as it has to reload the content in the iframe, and would not be suitable for an iframe with dynamic content that might need resizing numerous times.
So, to wrap up, the second solution mentioned above is the ideal way, as it resizes the iframe without affecting the content within it. I see a definite security problem here if you have multiple iframes with content from multiple domains in, as you might find that any iframe would end up with the ability to impersonate any other iframe. I think this could be solved though by labelling the iframes using random strings and using these strings when communicating from iframe to main page. I’m also not entirely sure about the validity of the window.parent.parent.updateIFrame() line. As you can see from the diagram below, it looks like I’m being allowed to cross domains in my JavaScript which of course should not be possible. If this turns out to be a security violation that browsers are likely to fix, though, I think window.top.updateIFrame() would suffice in most circumstances, and should in theory be fine.
Please leave comments to let me know what you think of this solution. I’ve not been able to find it in use anywhere else but if you’ve seen something similar before then let me know. Also if you have any suggestions for improvements I’d be happy to hear them. I’ve been intending to have a go at a mechanism to allow two way communication between the iframe and the main page (currently you still wouldn’t be able to pass information into the iframe from the main page) but I haven’t had time to knock something up so if you do, let me know.
UPDATE: IFrame Example Code - I’ve now collected the files together into a zip file that you can download. You will need to change the domains (mcknut.googlepages.com and johnmckerrell.com) to your own domains though for it to work correctly.
June 20th, 2007 at 2:54 pm
Anybody managed to get this working? John Ive copied ur instructions to the book but I keep getting permission denied errors. Is there anything I’m missing here or I should know that might be stopping mine from working?
Any help anyone can give me to get this working will be much appreciated.
Top Regards
June 20th, 2007 at 4:18 pm
As mentioned by email, so long as you make sure that the resizing iframe is hosted and loaded from the same domain as the main page, this should all work.
June 25th, 2007 at 10:23 am
Got it working! I moved the inner iFrame onto the same domain and everything is ok now. Thanks Alot John
C
June 25th, 2007 at 10:36 am
Glad you got it working Craig, and thanks for posting the followup
July 13th, 2007 at 3:00 pm
Greate job very helpfull for me and works fine. Thanks a lot.
August 11th, 2007 at 3:47 am
Here’s my scenario. Our clients have an iFrame on their web site that load a page on our domain. We need to resize the iframe each time the iFrame shows a different page.
The resolution for method 2 requires the hidden iFrame to point to a file on the client’s server. This is undesirable.
Would be great if there were a work-around to this. Is it possible for the iFrame to have a source of a about:blank or void or anything else?
August 13th, 2007 at 12:10 pm
@GpD - I’m not sure you’re going to be able to find any method that doesn’t involve your clients making changes on their side too.
If you simply want to remove the necessity for an extra file then you might want to try this alternative for iframe communication:
http://tagneto.blogspot.com/2006/06/cross-domain-frame-communication-with.html
December 14th, 2007 at 10:35 pm
Here’s an example of two-way cross-domain iframe communication using the Yahoo libraries
http://www.julienlecomte.net/blogfiles/cross-frame/
January 18th, 2008 at 5:51 am
hello i want source code for this iframe thanks
January 18th, 2008 at 10:48 am
@guarang - You should be able to get the source code from the example that I’ve linked to in the post, but you can also now download the code in a zip file here.
January 21st, 2008 at 10:56 am
Hello Dear
I have one iframe in main page and in that iframe i have src of my site and i want to resize height of iframe according to its content but i cant able to do that because of cross domain and give me a error message that “access denied” so pls help me for that….
January 30th, 2008 at 10:24 am
@Guarang - If you follow the instructions on this page, or use one of the other examples listed in the comments, you should be able to get around that problem. You have to have some control over both sites though for this to work.
February 20th, 2008 at 6:58 pm
I don’t believe this is still working for IE 7 or Firefox 2.0+. Can anyone confirm this?
February 21st, 2008 at 11:01 am
@Ben - I’ve just tried the example page in IE7 and Firefox 2.0 without issue, not sure why it’s not working for you.
February 22nd, 2008 at 5:52 pm
Hi, John,
This is a clever solution and I’ve been able to implement it without trouble. Thank you very much for providing it.
The only somewhat minor annoyance I’m finding is with Firefox 2 (Win and Mac). Because I’d like the iframe to automatically resize itself instead of having to click a link, I’ve added test2() to its page’s onload event. Everything functions correctly, but Firefox does two odd things:
First, I’ve determined that it fires onLoad() (in iframetest-resize1.html) twice whenever you refresh the top level page.
Second, it continues to try to load something - I can’t tell what - endlessly. (The “loading” icon in the top right of the browser never stops spinning.)
The above oddities seem related to the fact that an iframe is loading in an iframe, because if I comment out the line setting the iframe-in-an-iframe’s src, the endless loading issue does not happen.
Have you encountered this and/or have any ideas how to prevent it?
Thanks,
Joe
February 22nd, 2008 at 7:25 pm
@Joe - For the problem of the double onLoad events, you could check what the src of the iframe is before you set it (i.e. in test2). You’ll probably find that Firefox is remembering that the inner iframe contained iframetest-resize1.html so is loading it on its own, and then your code is also callign test2().
Alternatively, and probably better, would be to remove the iframe from the HTML and to instead create an iframe using JS DOM functions. I think this will get rid of your problem with the “loading” icon too.
February 24th, 2008 at 2:44 am
Hi, John,
I tried creating the iframe on-the-fly with JS, but that didn’t resolve the issue. I haven’t tried checking for the iframe source first, yet.
I stumbled upon an inexplicable solution, however: In my case, the page on which the resizeable iframe appears contains graphical navigation items with JS-controlled mouseover states. Mousing over one of these items stops the browser loading. I have no idea why this happens, but it’s my temporary work-around until I figure out something that makes sense to me.
Thanks,
Joe
March 11th, 2008 at 1:40 pm
Hi John,
I use your script, it’s very usefull to me, I have a web application where i have a Iframe calling another web applicattion, thanks to your script and use of a maste rpage can i fit the iframe with the content. i just need to put some code in the maste page, great solution buddy.
Thank,
Lucas
March 12th, 2008 at 9:44 pm
I’ve been wanting to use an iFrame for a particular site I’m working on (a sidebar with 200+ links). I’ve got my iFrame embedded well (using HTML and CSS), but I keep running into an issue whenever the link is clicked, the content loads into the frame, and not the ‘main’ page. what am I missing?
March 12th, 2008 at 11:22 pm
@Norcross - could it be that you need to add target=”_top” to the links in your iframe so that they load ing the “top” (i.e. the main) page?
March 17th, 2008 at 12:43 pm
WARNING: The dowload code is not identical with the example code. It is missing:
var height = Math.max( document.body.offsetHeight, document.body.scrollHeight );
March 18th, 2008 at 11:50 pm
Relates to John’s post from earlier… I just wondered whether you had had any further thoughts on resolving this ‘perpetual loading problem’ I’m encountering the same problem when I put the test2() function in the onload event.
Have tried trapping the src - nothing in it before I set it with test2()
Cheers,
Karl
March 19th, 2008 at 10:23 am
@Frank - Thanks for pointing that out, I’ve now fixed the download.
@Karl - I’ve just had a play with using an onload event and I also saw the same issue. I tried a few things and the only one that seemed to work was to put the call to test2() inside a timeout, this makes sure it occurs after the onload event has completed (and thus stops the spinner from perpetually spinning). A 100ms timeout is enough to fix the bug and won’t be noticeable to the user. Here’s the code that I used:
window.onload = function() {
setTimeout( function() {
test2();
}, 100 );
};
March 19th, 2008 at 10:48 am
Alternately, you can put test2() at the end of the document if you don’t mind adding a script tag to the html.
March 19th, 2008 at 1:00 pm
John,
Thanks for your quick response!
Frank,
Thanks for your comments… after posting last night I was playing around and figured that one out too, works like a charm.
Thanks to you both. Strangely and still getting scrollbars appearing, but I’ll dig in to the maths to figure out what’s going on.
March 19th, 2008 at 2:50 pm
Sorry to come back to this again,
But now I’m finding that the frame will dynamically enlarge fine, but once it’s enlarged it will not shrink again (for example from switching from a small content page to a large content page and back again). Any ideas?
March 19th, 2008 at 2:57 pm
An immediate follow-up to my last post - it seems that the following line doesn’t work for shrinking the page:
Math.max( document.body.offsetHeight, document.body.scrollHeight );
as scrollheight will report the larger (resized) iframe size. As math.max picks the largest number, the new smaller frame size doesn’t get passed to the resize function. Am just using the offsetHeight, which so far seems to work fine.
April 19th, 2008 at 12:11 am
brilliant work, john.
i’ve shared it here, and it received over 500 hits so far, in a few months. i rewrote your script, and prepared instructions for total beginners:
http://www.surveygizmo.com/forum/how-do-i-how-does-this-work-wtf/auto-fit-your-embedded-survey/page-1/post-4220/
THANKS
May 1st, 2008 at 4:35 pm
John
I find this information very useful. Thanks for putting this together.
I have a little different scenario and was working if your solution would work for it.
Heres our scenario: I have a website A that needs to be loaded into website B (on different domains). For this we have a javascript on website A domain and its included in website B using .
The javascript on website A is writing out a tag with iframe within it. and src of iframe has website A’s url.
With this website As url is getting loaded on website B. All this works fine but i am having trouble overriding styles used in page (website A) loaded within iframe and was wondering if there is a way to override the styles of page within iframe ?
If website A shares their styles sheet, can website B use it to customize it to their needs and have that modified stylesheet used by page loaded in iframe?
Thanks for your help
Kanth
May 5th, 2008 at 1:28 pm
@Kanth - I’m not sure but I don’t think you can override styles within an iframe from outside of it, you’d probably need JS to write a new stylesheet (which would also have cross domain problems) or some server-side process to manage the CSS files.
May 7th, 2008 at 4:46 pm
Thanks John! I am so glad you have this info posted here. This is truly the solution I was hoping to find in dealing with a cross server iframe presentation.
May 9th, 2008 at 5:11 pm
Thanks John for the reply
I found a workaround for overriding the styles within an iframe from outside of it.
Using the same example i have in my earlier post…
website A will have stylesheet and will be the default one and also since website A can share the stylesheet file…(css file)…website B has access to stylesheet file and if they want to make any changes to the styles they modify the css file distributed by website A and keep a customized file on their server…and since css file is public…when website B loads website A on their website within iFrame..they should be able to pass path of the customized css file to the javascript (residing on website A)..now website A can use this css path when passed from website B otherwise it uses default one..
i have tested this and was working fine..
June 16th, 2008 at 6:26 am
@Karl
Karl, please describe more in detail as you have solved a problem - I have faced with same, but offsetHeight does not work.
June 24th, 2008 at 12:42 pm
You a freekin Genius John!
Jethro Arenz
Cape Town, South Africa
July 9th, 2008 at 9:23 pm
Hello:
For those of you who are still having problems with Firefox never completing a load….
I put this in my hidden page and it worked!
if( typeof( height ) == ‘number’ ) {
window.top.updateIFrame( height );
window.top.stop();
}
July 16th, 2008 at 3:36 pm
Hello,
i am using IFRAME in my webapplication.The problem is the content that should be displayed inside this frame is from another domain.
For example, IFRAME is in “abc.com” and the content that is displayed inside this frame from “xyz.com”.
So the content is displaying but the IFRAME size matter.It is not adjusting the size with the content in another domain (ex : xyz.com).But the application in xyz.com is preconfigured we cannot modify except permissions to display. Anything that i can do is in “abc.com”.Iam using JavaScript.
I dont want scroll bars in frame.
For my application it is not possible to both app’s in same domain.
Can anybody provide the solution for the above problem will be much appreciated.
With the info provided in this page i came to know its a domain problem.Can’t be possible with IFRAME for displaying content from “xyz.com” ?
Thanks
August 8th, 2008 at 2:05 pm
Works perfectly, neat, simple. Thanks a lot !
August 26th, 2008 at 2:19 am
Thanks for the solution. Using the technique I wrote small snippet. In my case I have to load in iFrame third party content. I have multiple domain that point to same third part content so the path to the js file is dynamically created. That part works fine but when I try to load the iframe it does not work. This only happens in IE. Firefox works fine. Not sure why. any help.
August 26th, 2008 at 2:21 am
Oh and the third party has put the code snippet at the bottom of their page to load the hiddeniframe..
September 9th, 2008 at 1:01 am
Update: SOrry it took this while. The code actually works. I tweaked it well. The issue earlier was latency issue and I moved the code around without any issue.
September 18th, 2008 at 10:28 pm
Thank you very much for this solution. I have been searching for days. This works perfect.
October 1st, 2008 at 9:55 pm
This is an excellent solution. I am implementing this for a new project I am developing.
My only issue is I cannot seem to make it work within IE6. There is no JS error thrown, it just won’t work. Its as if IE6 completely skips over the script for some reason.
Still, I have tried your test page in IE6 and it works fine. Do you have any suggestions as to why this is not working for me.
Thanks in advance for your help
October 15th, 2008 at 6:32 pm
This is perfect. Worked so well. Thanks very much. Tested it on safari (mac and pc), firefox 3 (mac and pc), ie6, ie7 and chrome - all work great!
October 27th, 2008 at 4:22 am
Autofitting iFrame…
IntroductionDoes your iFrame step through multiple pages of varying heights? Or, does the height of the remote page change frequently?Do you find that the height of your iFrame is sometimes too short, cutting off the bottom of the remote page? Is y…
November 7th, 2008 at 10:52 pm
John,
Awesome work! been looking for a solution like this for a while now. However, I can only get it to work when “www” is included in the iframe ref for obvious reasons. For example iframe will resize if you are on “www.mydomain.com” but not when on “mydomain.com” Do you know of any way around this? Thank you in advance.
November 8th, 2008 at 9:08 pm
Ben,
This technique aims to get around the same domain problem between two sites on two domains. By adding a third domain, even if it’s just adding ‘www’ to the beginning, you’re exacerbating the problem.
I see that your site furnituredealer.net is also available on http://www.furnituredealer.net. I imagine you get some users hitting one domain and some hitting the other. One thing you could try would be to pass the HTTP_HOST value into the iframe so that the resizing iframe is definitely loaded from the same domain. My recommendation though would be that you modify your website so that it is only available on a single domain. This can be less confusing for your users, can improve your placing in search engines and makes site maintenance easier (such as this iframe problem).
If you need help with doing that contact me directly and I’ll try to offer some pointers.
November 12th, 2008 at 6:24 pm
John, thanks for your response. I should have explained better, sorry. our company http://www.furnituredealer.net runs over 30 websites for furniture companies. I was hoping to use your iframe resize code so my clients can self-service ad post by uploading a simple htm page with embedded google video. Please view this site for an example of how I have this setup:
http://www.olindes.com/adpage.aspx
We do not control our clients DNS so it would actually be lot of work to request they all move to a single domain. I ran my problem by some other developers in my office and they thought some ASP.NET code could solve the issue. What we came up with is below:
if (Request.Url.ToString().Substring(0, 10) != “http://www”)
{
Response.Redirect(”PUT YOUR URL HERE”);
}
I will let you know if this resolved the issue. Again, thank you for your response.
November 20th, 2008 at 9:14 am
Ben,
Could you either get the client to pass the host name through to your site using:
Request.ServerVariables(”HTTP_HOST”)
Or alternatively you could detect the host name by looking at the Referer header sent to the video URL?
Request.ServerVariables(”http_referer”)
John