Is it as easy as $ENV{'HTTP_REFERER'}? or is there something else that I need to do?
Example: My Site: sample.php
Calling Site w/iFrame: somesite.com
I want sample.php when it loads to be able to use "somesite.com" for input as a variable.
Is it as easy as $ENV{'HTTP_REFERER'}? or is there something else that I need to do?
Example: My Site: sample.php
Calling Site w/iFrame: somesite.com
I want sample.php when it loads to be able to use "somesite.com" for input as a variable.
Hi,
First of all, your page must not depend on the Referer being present nor correct : it is an information that is sent by the browser, and can either :
For more informations, see, for instance :
These posts both "agree" with me ^^
Now, you can enventually use it to add some feature ; but you must not rely on it for your website to work ;-)
There is no difference between an inline frame and a normal page. And loading an inline frame initially with src
will send the HTTP referer.
As Pascal MARTIN mentioned, you shouldn't trust the Referer value absolutely.
Expanding on Gumbo's answer: since the Referer is transmitted as a header within an HTTP Request retrieving it within a script loaded in an <iframe>
is exactly the same as retrieving it for any other script.
When the browser requests the page specified by the src
attribute in the <iframe>
it will submit an HTTP request like that for any other resource and will include the Referer
header value.
The value of the Referer
header will contain the URL of the page hosting the <iframe>
. So if you had a PHP script named page-with-iframe.php and it contained <iframe src="sample.php" />
the HTTP request for sample.php might look something like:
GET /sample.php HTTP/1.1
Host: somesite.com
...
Referer: http://somesite.com/page-with-iframe.php
In sample.php you would use $ENV{'HTTP_REFERER'}
to retrieve the value and from there you can parse out the hotname somesite.com.
For a truly reliable way to access the parent URL, you can add a GET parameter to the iframe src containing the parent URL when you embed it. You can use Javascript to add this automatically along with the embed.
Here's an example that embeds the iframe at the end of the <body>
tag:
var iframe = document.createElement('iframe');
iframe.src = '/sample.php?parent=' + window.location;
document.body.appendChild(iframe);
You can then access the parent URL reliably from PHP with:
$parent_url = $_GET['parent'];