iframe在项目中应用总结 - 前端技术分享

已落地的多种项目形式

富文本编辑器-结合业务的输出
公式编辑器

跨部门团队协作

XXX-客户端，嵌入iframe
报告对接
中台系统-业务模块输出

什么时候用？怎么用？

基础点

iframe

https://developer.mozilla.org/zh-CN/docs/Web/HTML/Element/iframe

hack

基于iframe的src,提供下载资源功能
通信
postMessage
https://developer.mozilla.org/zh-CN/docs/Web/API/Window/postMessage

线上问题处理

CSP

https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
Specifies valid parents that may embed a page using , , <object>, <embed>, or <applet></li> </ul> <figure class="highlight vala"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta"># 不允许被嵌入</span></span><br><span class="line">Content-Security-Policy: frame-ancestors <span class="string">'none'</span></span><br><span class="line"><span class="meta"># 只允许被同源的页面嵌入</span></span><br><span class="line">Content-Security-Policy: frame-ancestors <span class="string">'self'</span></span><br><span class="line"><span class="meta"># 只允许被白名单内的页面嵌入</span></span><br><span class="line">Content-Security-Policy: frame-ancestors www.example.com</span><br><span class="line"></span><br><span class="line"><span class="meta"># 不允许被嵌入</span></span><br><span class="line">X-Frame-Options: deny</span><br><span class="line"><span class="meta"># 只允许被同源的页面嵌入</span></span><br><span class="line">X-Frame-Options: sameorigin</span><br><span class="line"></span><br></pre></td></tr></table></figure> <h3 id="nginx"><a href="#nginx" class="headerlink" title="nginx"></a>nginx</h3><p>如果一个域名xxx.xxx.xxx /abc/ 路径下部署了前端服务</p> <ul> <li>iframe 里面嵌入 xxx.xxx.xxx/abc</li> <li>如果是xxx.xxx.xxx/abc 会被重定向，nginx , 这样会有问题，请求https，会被转为http</li> <li>Nginx 内部重定向规则会被启动，例如，当 URL 指向一个目录并且在最后没有包含“/”时，Nginx 内部会自动的做一个 301 重定向</li> <li>需要xxx.xxx.xxx/abc/ ，这样才能匹配到，从而不被重定向</li> </ul> <h3 id="视频自动播放问题"><a href="#视频自动播放问题" class="headerlink" title="视频自动播放问题"></a>视频自动播放问题</h3><p><a target="_blank" rel="noopener" href="https://developer.chrome.com/blog/autoplay/#iframe-delegation">https://developer.chrome.com/blog/autoplay/#iframe-delegation</a><br>如果是跨域的站点，又希望能自动播放，需要再加上这个属性</p> <h2 id="一些其它的结局方案"><a href="#一些其它的结局方案" class="headerlink" title="一些其它的结局方案"></a>一些其它的结局方案</h2><h3 id="微前端框架"><a href="#微前端框架" class="headerlink" title="微前端框架"></a>微前端框架</h3><ul> <li>qiankun</li> <li><a target="_blank" rel="noopener" href="https://juejin.cn/post/6938207400457404430">https://juejin.cn/post/6938207400457404430</a></li> </ul> <div class="donate-container"> <div class="donate-button"> <button id="donate-button">赞赏</button> </div> <div class="donate-img-container hide" id="donate-img-container"> <img id="donate-img" src="" data-src="img/donate.jpg"> <p> 感谢鼓励 </p> </div> </div> <br /> <div id="comment-container"> </div> <div id="disqus_thread"></div> <div id="lv-container"> </div> </div> </div> </div> </div> <footer class="footer"> <ul class="list-inline text-center"> <li> <a target="_blank" href="https://github.com/anitakym"> <span class="fa-stack fa-lg"> <i class="iconfont icon-github"></i> </span> </a> </li> </ul> <a target="_blank" rel="noopener" href="https://beian.miit.gov.cn/"><p>京ICP备19049908号-1</p></a> <p> <span id="busuanzi_container_site_pv"> <span id="busuanzi_value_site_pv"></span>PV </span> <span id="busuanzi_container_site_uv"> <span id="busuanzi_value_site_uv"></span>UV </span> Created By <a target="_blank" rel="noopener" href="https://hexo.io/">Hexo</a> Theme <a target="_blank" rel="noopener" href="https://github.com/aircloud/hexo-theme-aircloud">AirCloud</a></p> </footer> </body> <script> // We expose some of the variables needed by the front end window.hexo_search_path = "search.json" window.hexo_root = "/" window.isPost = true </script> <script src="https://cdn.bootcss.com/jquery/3.3.1/jquery.min.js"></script> <script src="/js/index.js"></script> <script async src="//busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script> </html>

已落地的多种项目形式

跨部门团队协作

什么时候用？怎么用？

基础点

iframe

hack

通信

postMessage

线上问题处理

CSP