Embedding other sites with iframes #565

obv-mikhail opened this issue Sep 2, 2016 · 8 comments

@obv-mikhail

obv-mikhail commented Sep 2, 2016

Currently embedding other zites is impossible due to cross-origin restrictions. Maybe there should be an option to disable the restrictions within a site's "content.json" file?

Use case scenarios:

  • Easy to add disqus-like plugin for any zite.
  • Embedding from a video sharing zite (like youtube does).
  • etc.
@rllola
Contributor

rllola commented Sep 3, 2016

+1 I would also need to remove cross-origin restriction to be able to use react-router browserHistory and to access indexedDB

@HelloZeroNet
Owner

It would be a huge security risk (any site would be able to access and modify all other site's data). Disqus-like plugin would result in centralization, which is against the main goal of the project. Embedding a video does not require an iframe: with the future youtube plugin you will refer to the video as the hash.

@rllola
Contributor

rllola commented Sep 3, 2016

> any site would be able to access and modify all other site's data

But you need the private key to modify a site and publish the modification?

If it is not possible what about an indexedDB wrapper function like for localStorage? I could prepare a PR.

@HelloZeroNet
Owner

HelloZeroNet commented Sep 3, 2016

The problem is if you can include another site in a frame, then you can execute zeroframe commands as the site (e.g. fileWrite).

IndexedDB ZeroFrame API command could be possible, but it's harder than localstorage, because there are more functions and you cannot pass a JavaScript object, so you need to pass every command to the external wrapper.
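
The comment above describes passing every storage command to the external wrapper. The following is an added illustration, not part of the original thread and not ZeroNet's code: a wrapper-side dispatcher that ties each command to the frame that sent it, so one site cannot act as another. The class name, the `storageGet`/`storageSet` commands and the site addresses are assumptions made for the example.

```javascript
// Hypothetical wrapper-side dispatcher; class, command and site names are
// assumptions made for this example, not ZeroNet's implementation.
class WrapperStorageProxy {
  constructor() {
    this.frames = new Map(); // inner frame window -> site address
    this.store = new Map();  // "<site address>/<key>" -> JSON text
  }

  // Called when the wrapper creates the sandboxed iframe for a site.
  registerFrame(frameWindow, siteAddress) {
    this.frames.set(frameWindow, siteAddress);
  }

  // Handles one "message" event and returns the reply to post back.
  handleMessage(event) {
    // Identity comes from which frame sent the message, never from its payload.
    const site = this.frames.get(event.source);
    if (site === undefined) return { error: "unknown frame" };
    const msg = event.data;
    if (msg === null || typeof msg !== "object") return { error: "bad message" };
    if (typeof msg.key !== "string") return { error: "bad key" };
    const slot = `${site}/${msg.key}`; // every key is namespaced per site

    // postMessage carries plain data only, so each storage operation is its
    // own command instead of a method call on a shared object.
    switch (msg.cmd) {
      case "storageSet": {
        const text = JSON.stringify(msg.value);
        if (text === undefined) return { error: "missing value" };
        this.store.set(slot, text);
        return { ok: true };
      }
      case "storageGet":
        return { ok: true, value: this.store.has(slot) ? JSON.parse(this.store.get(slot)) : null };
      default:
        return { error: "unknown command" };
    }
  }
}

// Constructed demo: plain objects stand in for the two frames' window objects.
function demo() {
  const proxy = new WrapperStorageProxy();
  const frameA = {}, frameB = {};
  proxy.registerFrame(frameA, "1SiteAExample");
  proxy.registerFrame(frameB, "1SiteBExample");
  proxy.handleMessage({ source: frameA, data: { cmd: "storageSet", key: "draft", value: { text: "hi" } } });
  const own = proxy.handleMessage({ source: frameA, data: { cmd: "storageGet", key: "draft" } });
  // Site B names site A in the payload; the claim is ignored.
  const other = proxy.handleMessage({ source: frameB, data: { cmd: "storageGet", key: "draft", site: "1SiteAExample" } });
  return { own: own.value, other: other.value };
}
```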

@rllola
Contributor

rllola commented Sep 3, 2016

I am ok to spend some time on it and see where it leads us if you think that you could then add it to ZeroNet. I am exploring another solution to fix my problem but I still think that it is a nice feature.

@ghost

ghost commented Dec 13, 2017

I see, here they write that the problems with the iframe have been around for a long time. But I have worked in ZeroBlogs YouTube through the iframe for a long time and well. I left a lot of blogs posts with YouTube video inserts. But recently they all stopped working :-/

Reason: CORS header 'Access-Control-Allow-Origin' missing

Is it possible to think of something to make YouTube videos work again on ZeroBlogs?

@ghost

ghost commented Dec 16, 2017

The most common thing is that earlier in ZeroBlog worked perfectly iframe-inserts on YouTube-video. I read reviews that iframe in ZeroNet and should not work, but I used such videos in blogs dozens of times and everything worked fine. But recently it stopped working. Apparently, YouTube has increased security requirements. And now they require a header:

Uncaught DOMException: Failed to read the 'cookie' property from 'Document': The document is sandboxed and lacks the 'allow-same-origin' flag.

Can not this be fixed in ZeroNet itself? :)

Here are examples of videos that worked fine before, but stopped working now:

http://127.0.0.1:43110/144W6itCd6jUqHDx5SDjbFaRdTnh4gRBBA/?Post:41:60+years+of+space+age

http://127.0.0.1:43110/1ApsfuUfnyJm19qZguDzzqj7se41Ggxzrt/?Post:2:Имитатор+огня+из+светодиодной+ленты...

@HelloZeroNet
Owner

I'm afraid this is a limitation of the browser's iframe sandbox. Do you have any idea when it last worked for you?
