minshikshin / google-cast-sdk

Automatically exported from code.google.com/p/google-cast-sdk
0 stars 0 forks source link

Unable to load certain websites in an iframe on my receiver app #171

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
I have been experimenting with the Google Cast SDK and noticed that when my 
receiver app tries to display an iframe, it can only load certain domains.

For instance, adding <iframe src="http://www.vimeo.com"></iframe> displays 
Vimeo.com in the iframe while <iframe src="http://www.youtube.com"></iframe>, 
<iframe src="http://www.reddit.com"></iframe>
 or <iframe src="http://www.yahoo.com"></iframe> don't display anything. Obscure domains seem to be able to load fine, and this makes me wonder if there is blacklisting going on.

Is this the desired functionality? If there is any blacklisting going on, why 
does Google limit our usage of the device?

Original issue reported on code.google.com by selcik....@gmail.com on 26 Feb 2014 at 2:12

GoogleCodeExporter commented 9 years ago
Loading a random web page inside an iframe in Chromecast is not a supported 
usecase

Original comment by anad...@google.com on 26 Feb 2014 at 3:39

GoogleCodeExporter commented 9 years ago
The Chromecast is working as expected. youtube, reddit and yahoo all set 
X-Frame-Options: SAMEORIGIN. This prevents domains of a different origin from 
loading the site in an iframe. XFO was implemented to mitigate clickjacking / 
UI redressing attacks.

http://en.wikipedia.org/wiki/Clickjacking#X-Frame-Options

Original comment by dchanm on 8 Mar 2014 at 6:52