Reputation: 79
How to restrict my site to be used from other sites by iframe in ASP.NET
I don't want anybody to be able to use the iframe content without my permissions. How can I allow only domains of my choice to be able to embed the iframe with the page's content?
My problem is like that:In my asp.net web page one iframe and this iframe load dynamicaly. when my web page is loaded first time my web page url is like:http://examle.com and my iframe src attribute url is like :http://example.com/anotherwebpage.aspx.
i want to restrict anyone can not changes my iframe src attribute url without my permission.How to do this.
Upvotes: 0
Views: 3325
Answers (2)
Reputation: 1
Add this to your Web.config. This would add another header to your http response.
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="X-Frame-Options" value="sameorigin"/>
</customHeaders>
</httpProtocol>
</system.webServer>
Upvotes: 0
Reputation: 943193
Use The X-Frame-Options response header.
In the HTTP response for the document you want to prevent being show in frames on other websites include:
The X-Frame-Options: SAMEORIGIN
Then http://example.com/ can embed http://example.com/foo but http://example.net/ cannot.
(Note that old browsers will ignore this header, but it will block it on sufficient modern browsers to make it not worthwhile for other sites to try to embed it).
Upvotes: 4
Related Questions
- How to restrict an iframe to a specific domain
- How to make the iframe block requests from certain domains?
- How to prevent iframe from processing url's from an outside domain?
- Allow others to iframe my site
- how to block FRAME src from other websites to our website
- Force websites to display in Iframe
- How to limit display of iframe from an external site to specific domains only
- How to realize cross-domain security with iFrame custom website under the sharepoint website
- Load iframe on specific domains only
- Only allow a few websites to embed my iFrame