How can I find out whether my page is embedded as a frame in another site during page loading? I guess the referrer request header can't help me here? Thanks.

+8  A: 

You cannot check it from the server side, but you can use JavaScript to detect it after the page has loaded. Compare top and self; if they're not identical, you are in a frame.

Additionally, some modern browsers respect the X-FRAME-OPTIONS header, which can have two values:

  • DENY – prevents the page from being rendered if it is contained in a frame
  • SAMEORIGIN – same as above, unless the page belongs to the same domain as the top-level frameset holder.

Users include Google's Picasa, which cannot be embedded in a frame.

Browsers that support the header:

  • IE8 and IE9
  • Opera 10.50
  • Safari 4
  • Chrome 4.1.249.1042
  • Firefox with NoScript
Maerlyn
Thanks, your approach makes sense!
abovesun
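
The DENY and SAMEORIGIN rules from the answer above, as an added example that is not part of the original thread: xfoAllowsRender models the decision a supporting browser makes for a framed page, and sendPage sets the header on the server. Both function names, the res-like object and the example.com URLs are assumptions; SAMEORIGIN is checked against the top-level page as the answer describes, and an unrecognised value is treated as ignored.

```javascript
// Added example; xfoAllowsRender and sendPage are hypothetical names.

// Model of the browser-side decision for a page loaded inside a frame.
//   headerValue: the X-Frame-Options value the framed page was served with
//   pageUrl:     URL of the framed page
//   topUrl:      URL of the top-level page that holds the frame
function xfoAllowsRender(headerValue, pageUrl, topUrl) {
  if (headerValue == null) return true;            // no header: no restriction
  const value = String(headerValue).trim().toUpperCase(); // case-insensitive
  if (value === 'DENY') return false;              // never rendered in a frame
  if (value === 'SAMEORIGIN') {
    // Origin = scheme + host + port, so http vs https or a different
    // subdomain counts as a different site.
    return new URL(pageUrl).origin === new URL(topUrl).origin;
  }
  // A misspelled value is not a recognised directive; the header is ignored
  // and the page stays frameable. Worth checking in deployment tests.
  return true;
}

// Server side: the signature matches a Node http request listener, so it can
// be passed to http.createServer(sendPage). The header has to be on every
// HTML response that must not be framed by other sites.
function sendPage(req, res) {
  res.setHeader('X-Frame-Options', 'SAMEORIGIN');
  res.setHeader('Content-Type', 'text/html; charset=utf-8');
  res.end('<!doctype html><title>demo</title><p>Not frameable cross-site.</p>');
}

// Constructed sample cases: [header, framed page, top-level page]
const cases = [
  ['DENY',        'https://example.com/a', 'https://example.com/'],
  ['sameorigin',  'https://example.com/a', 'https://example.com:443/'],
  ['SAMEORIGIN',  'https://example.com/a', 'https://other.example/'],
  ['SAMEORIGIN',  'https://example.com/a', 'http://example.com/'],
  ['SAME-ORIGIN', 'https://example.com/a', 'https://other.example/'],
];
for (const [header, page, top] of cases) {
  const verdict = xfoAllowsRender(header, page, top) ? 'rendered' : 'blocked';
  console.log(`${header} framed by ${top}: ${verdict}`);
}
```
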
+6  A: 

Stackoverflow includes some JS to test it (master.js). This is the relevant part of it:

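// If this window is not the top-level window, the page is inside a frame:
// navigate the top-level window to this page's own URL.
if(top!=self){
    top.location.replace(document.location);
    alert("For security reasons, framing is not allowed; click OK to remove the frames.");
}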

But keep in mind that JS can be disabled.

Felix Kling
+1  A: 

Use JavaScript to check whether it was loaded in an iframe by placing the following script at the end of your PHP file, and redirect to a page that displays a warning or notice that your page should not be loaded in an iframe.

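<script type="text/javascript">
// Framed: the top-level location differs from this window's location,
// so send this (framed) window to the warning page.
if(top.location != window.location) {
    window.location = '/error_iframe.php';
}
</script>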
jmslouie