user2542174
Reputation:
forbidden acces to direct page with nginx, accessible only via iframe
I want to avoid direct acces to a page via nginx.
I would like this page only accessible via an iframe which is on the same domain.
Is that possible ?
Thanks.
Upvotes: 1
Views: 1653
Answers (1)
fvu
Reputation: 32973
When a page is loaded as content of an iframe the request's Referer is set to the containing page, so you can check whether the iframe content is actually loaded inside the iframe by checking the Referer header.
Of course that header can be spoofed pretty easily, but may be sufficient, and doesn't require reliance on eg Javascript running clientside.
Upvotes: 1
Related Questions
- How do I allow only 1 URL in my web app to be accessed via iframe?
- NGINX CORS ISSUE
- Allow a page to only load in an iframe
- Iframe doesn't work in website wile hotlinking is deactivated on remote server
- Allow access only through iframe
- Nginx server edit to allow iframe from any site
- Page only accessible via joomla iframe and not in browser
- Iframe and http error when loading invalid or protected URL
- Denying access to page unless through an iframe
- Access is denied