Nicholas

Reputation: 3336

Is there a hack for loading content from domainA, serving it from domainB, and spoofing the HTTP referrer to be domainA?

Part 1 of this question is the iframe problem.

You embed domainA/page.html in an iframe on domainB, and the HTTP referrer will naturally be domainA.

So is the following pseudo JavaScript sufficient to protect domainA from being embedded in an iframe on domainB? The JavaScript validity is not important, just the concept.

if( window.top.href != domainA ) window.top.href = domainA

Part 2 is basically any other method for spoofing the domain. I guess you can fake the HTTP referrer on a client-by-client basis (by patching the headers leaving the browser, for instance)... but this wouldn't be a big deal. (Though explaining how this works would be an awesome response.)

Upvotes: 2

Views: 432

Answers (1)

Dunhamzzz

Reputation: 14808

This code will break you out of a frame within a foreign site.

// If this page is not the top-level document, navigate the top window to it.
if (top.location != self.location) {
    top.location.replace(self.location);
}

Useful if someone is trying to keep members on their site by including you in an iframe.

Upvotes: 1
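
An added example, not part of the question or the answer above: the header-based counterpart to the frame-busting script, which the browser enforces before the page renders instead of relying on script running inside the frame. The origins and the PROTECTED header set are constructed placeholders, and mayFrame is a simplified model (exact-origin matching only, no wildcards or scheme sources) of how a browser applies Content-Security-Policy frame-ancestors and X-Frame-Options.

```javascript
// Added example: constructed origins, not taken from the page.
const DOMAIN_A = 'https://domaina.example';
const DOMAIN_B = 'https://domainb.example';

// Headers domainA sends with its HTML so only its own pages may frame it.
const PROTECTED = {
  'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'",
  'X-Frame-Options': 'SAMEORIGIN', // fallback for browsers without frame-ancestors
};

// Return the frame-ancestors source list from a CSP value, or null if absent.
function frameAncestors(csp) {
  for (const directive of (csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

// Simplified browser decision: may a page from `self` render inside the given
// chain of ancestor origins? Exact-origin matching only (no wildcards/schemes).
function mayFrame(headers, self, ancestors) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const sources = frameAncestors(h['content-security-policy']);
  if (sources !== null) {
    // When frame-ancestors is present it is enforced and X-Frame-Options is ignored.
    const allowed = sources.map((s) => (s === "'self'" ? self : s));
    return ancestors.every((a) => allowed.includes(a));
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return ancestors.every((a) => a === self);
  return true; // no framing header: any site may embed the page
}

// Evaluate the domainA/domainB scenario from the question.
function demo() {
  return {
    unprotectedOnB: mayFrame({}, DOMAIN_A, [DOMAIN_B]),
    protectedOnB: mayFrame(PROTECTED, DOMAIN_A, [DOMAIN_B]),
    protectedOnA: mayFrame(PROTECTED, DOMAIN_A, [DOMAIN_A]),
    nestedViaB: mayFrame(PROTECTED, DOMAIN_A, [DOMAIN_A, DOMAIN_B]),
  };
}
console.log(demo());
```

Every ancestor in the chain is checked, so a domainA page framed by another domainA page that is itself framed on domainB is still refused.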
