Cloudflare blocks iframe javascript event

May I ask what error do you get in the Developer Console (F12) of your Web browser? :thinking:

Or maybe some Cloudflare error inside the iFrame? :thinking: (as like Error 1020 or some 5xx errors as the events don’t pass …)

Hm, without knowing the bahaviour of how iFrame is being created and manipulated, if Cloudflare does it, you could try to:

  1. Disable the Auto Minify - JavaScript option
  2. Disable RocketLoader option
  3. Disable the Page Shield option
  4. Check SSL settings, if related?

Otherwise, does your origin host/server for that URL return some of the security HTTP headers like?: :thinking:

  • Content-Security-Policy (CSP)
  • CORS
  • X-Frame-Options

Nevertheless, it knows to happen that it doesn’t even come from origin host/server, rather some app frameworks are producing them.

Maybe that external domain is using some HTTP headers which don’t allow to use it’s content as iFrame.

You could try a simple Worker script to fetch the content from it, if possible, then display it, but not as iFrame on your website … just an idea, haven’t tried to combine this.
Furthermore, there were some ideas to “misuse” the Worker for/and iFrame … which I’d rather not try at all cost due to possible villation of the ToS, if so.

Despite iFrame HTML tag and it’s attributes, it might be you are using some of them which might be in some kind of a conflict with the “window”?