Hi,
How can I detect server-side (c#, asp.net mvc) if the loaded page is within a iframe? Thanks
+1
A:
This is not possible, however.
<iframe src="mypage?iframe=yes"></iframe>
and then check serverside if the querystring contains iframe=yes or with the Referer header send by the browser.
Time Machine
2009-07-24 18:27:59
thanks, but this doesn't solve my problem as i want the page to be accessed only if within an iframe (for some security reasons). adding something to the querystring is just too easy to do to be secure.
pistacchio
2009-07-24 18:31:38
If it's for security reasons, then you're doing something wrong. At best, the only thing that might clue you in to being in an iframe is a referer. And even that is forgeable. Security is done by access checks and validation, not by fragile webs of assumptions.
Yuliy
2009-07-24 18:35:38
A:
There is no way of checking this that will fit your requirement of "secure" as stated in your comment on @ZOMFG's answer.
ceejayoz
2009-07-24 18:40:06
A:
I don't think the server-side can do this, so why not put a hidden control in your page that will be in the iframe? When the URL in the iframe loads, you can add some client-side code to set the hidden input to indicate you are in an iframe. The easiest check would be on the client-side in an onload method, like this:
// Set hidden input
someHiddenInput.value = self != top
It's more secure than the querystring, but it still might not be enough security for you.
My 2 cents.
nickyt
2009-07-24 18:49:20