Reputation: 113385
Get the page where is loaded iframe on the server side
Suppose that we have two sites: A and B. A/embed?code=dummy is a page url that is loaded into an iframe from B.
How can I know if the A page is loaded into B and not on other site? I want to check this on the server site only (if the site where A is loaded is not B, the page will not be loaded).
I use req.headers.referer that returns the expected result, but it's a header. It can be modified by the user and this is not secure, I think.
Is there any better alternative? Maybe without using an iframe.
From site A the user will get an embed code that will be put in site B, so basically I have access to the both sites.
Upvotes: 0
Views: 269
Answers (1)
Reputation: 3541
Ok, I see such options:
1) X-Frame-Options, which as you said, do not work in Chrome.
2) Inside a frame, you can firstly check window.parent.location.href, and if it is B/..., load other content with ajax. (Quite safe, browsers don't allow to arbitrarily change location.href.)
3) If you can modify site B files, sites A and B could both generate some key depending on date/time and B would pass it as get parameter to A/embed?code=dummy&tok=..., then A would response only if the key is ok.
Upvotes: 1
Related Questions
- Javascript: get iframe id within loaded page
- Detect if page is inside of an iframe and get iframe id
- How to identify a webpage is loaded inside an IFRAME or a FRAME
- How to get the url in browser address bar in nodejs
- See which page loads mine in iframe
- How can I get the source of an iframe?
- Know which page the user is browsing in iframe
- Getting source of iFrame
- Gathering location of an IFRAME
- find out what page the iframe is on