Reputation: 1746
Bypassing Frame buster
I need to bypass or bust a frame buster, but I don't have a server that returns 204. The best solution that works (partially so far) is the one in https://crypto.stanford.edu/~dabo/pubs/papers/framebust.pdf on page 4 section C, onBeforeUnload – 204 Flushing.
It is discussed here (Frame buster buster) and here (Frame Buster Buster ... buster code needed) and the code is reproduced below
<script type="text/javascript">
var prevent_bust = 0
window.onbeforeunload = function() { prevent_bust++ }
setInterval(function() {
if (prevent_bust > 0) {
prevent_bust -= 2
window.top.location = 'http://example.org/page-which-responds-with-204'
}
}, 1)
</script>
My problem is, I don't have a server that returns an HTTP status code 204 (and I cannot set one up). How do I get around this?
Upvotes: 2
Views: 2552
Answers (1)
Reputation: 477
Since you can't set up your own server, you don't have many options aside from using a third party server. The obvious downside is that it's not under your control, so you can't control its availability.
A server whose purpose is to return various HTTP status codes will potentially be more reliable (as opposed to finding something random). You could use httpstat.us. The main page lists all the status codes and options it supports. The following will return HTTP 204: httpstat.us/204.
Upvotes: 1
Related Questions
- Frame Buster Buster ... buster code needed
- How to implement Frame Buster Javascript in iframe
- Selective frame-busting Javascript
- Busting a tough FRAME killer
- Preventing frame busting with access to page source
- Javascript frame killer that still allows frames from own domain?
- Can you beat a frame breaker?
- Framebreaker detection
- Frame buster buster
- Frame breaker only for specific sites?