Reputation: 717
Alternative Anti Frame Buster
I've been searching for awhile and tried several anti frame buster codes and none of them truly work. So my question is, can I have PHP or JavaScript scan all the urls and see if it's a redirect and take the redirect url and use it instead of the original url? I'm using an API and I'm iframing links it gives me and the urls keep redirecting my users to their website instead of keeping their stuff in my frame.
Upvotes: 0
Views: 568
Answers (1)
Reputation: 708146
If a site doesn't want to be framed, you can't make it (unless you turn off javascript in the browser).
It's the site's prerogative to determine whether it busts out of a frame, refuses to show it's content if framed or allows it.
There are methods to try to combat frame busting which turns into some sort of war of techniques, but a site can simply render its content invisible if it chooses. If a site doesn't want to be used framed, it can prevent it. It is their content after all. They should have the right to decide how it is or isn't displayed.
In modern browsers as of 2018, the X-FRAME-OPTIONS header appears to be the most reliable way to prevent framing. This article Clickjacking Defense Sheet provides a discussion of various other methods for legacy browsers. Legacy browsers (I'm mostly talking about IE) have some weaknesses that allow an attacker to defeat certain frame busting techniques.
Upvotes: 3
Related Questions
- Frame Buster Buster ... buster code needed
- Prevent iframe stealing
- How to implement Frame Buster Javascript in iframe
- Preventing frame busting with access to page source
- Stopping webpage compromise by preventing frame-busting
- Can you beat a frame breaker?
- Doing an iframe intelligent?
- Prevent iframe breakout HTML 5 / JS
- Frame buster buster
- Alternative to iframe