tags:

views:

304

answers:

0
Q: 

iframe and request.referer

I am developing a web application which will entail cross scripting across domains using an iframe. Essentially web authors will be able to embed code into an iframe on their page, and the browser will retrieve content from my web application and display it in the page. It is sort of like Google Adsense.

I need a way to ensure the parent page holding the iframe was served from the domain that is authorized to access my content. Within my web application I can use the referrer property and this reveals the domain name of the parent site. But this can be tricked simply by changing the host file. Should I instead rely on the ip address? But what if the ip address periodically changes?

related questions

What are the potential pitfalls of using HTML Frames for templating?
Resizing an iframe based on content
Running Google Analytics in iframe?
"Access is denied" error on accessing iframe document object
Googlebot + IFrames ?
Javascript Iframe innerHTML
Mouse Scroll Wheel and IFRAME
Options for Dynamic content in ASP.Net
Is there a way to get the parent URL from an Iframe's content?
How to auto-focus RTE editor inside firefox?
Accessing Domain Cookies within an iFrame on Internet Explorer
Are iframes a terrible idea?
Silverlight app and an iframe co-existing on the same page
What's the best way to reload a iframe using javascript?
Dreaded iframe horizontal scroll bar can't be removed in IE?
Remove border from IFrame
iframe wikipedia article without the wrapper
<iframe> - How to show the whole height of referenced page?
Embed asp page without iframe
Can I prevent user pasting Javascript into Design Mode IFrame?
How do I get the current location of an iframe?
Retrieving HTTP status code from loaded iframe with Javascript
Making an iframe take vertical space
iFrame Best Practices
Options for Google Maps over SSL