How to enable iFrame embedding only for whitelisted websites?

I have a form that I would like to embed in a website that is on my whitelist.

Other websites that attempt to implement it should only receive an error page.

<iframe src="https://domain.tld/getForm.php?embed=1&formId=123456"></iframe>

I was hoping I could use $_SERVER['HTTP_REFERER'] in getForm.php to check the embed site, but it doesn't work.

Does anyone know best practices or workarounds?

Thanks in advance!

+4
1 answer

Most browsers will support the X-Frame-Options header.

This header will prevent access:

X-Frame-Options: SAMEORIGIN

And this header allows access:

X-Frame-Options: ALLOW-FROM [uri]

Examples for parameters:

X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN
X-Frame-Options: ALLOW-FROM https://example.com/

An example in PHP:

<?php header('X-Frame-Options: SAMEORIGIN'); ?>

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options


+7
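
Added example, not part of the original answer: current browsers ignore `X-Frame-Options: ALLOW-FROM`, and it only ever accepted a single origin, so a whitelist is normally expressed with the `Content-Security-Policy: frame-ancestors` directive instead. The PHP below builds that header for getForm.php from a list of origins; the function names and the partner origins are hypothetical.

```php
<?php
// Added example (not from the original answer); origins below are constructed.
declare(strict_types=1);

/** Reduce a URL to scheme://host[:port]; null if it is not a plain http(s) origin. */
function normalize_origin(string $url): ?string
{
    $p = parse_url(trim($url));
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return null;
    }
    $scheme = strtolower($p['scheme']);
    if ($scheme !== 'https' && $scheme !== 'http') {
        return null;
    }
    // No userinfo, query or fragment, and only an empty or "/" path.
    if (isset($p['user']) || isset($p['query']) || isset($p['fragment'])
        || (isset($p['path']) && $p['path'] !== '/')) {
        return null;
    }
    // Restrict host characters so an entry cannot smuggle extra CSP directives.
    if (!preg_match('/^[a-z0-9.-]+$/i', $p['host'])) {
        return null;
    }
    $origin = $scheme . '://' . strtolower($p['host']);
    return isset($p['port']) ? $origin . ':' . $p['port'] : $origin;
}

/** Build the response header lines for a list of origins allowed to frame the page. */
function frame_policy_headers(array $allowlist): array
{
    $origins = array_values(array_unique(array_filter(array_map('normalize_origin', $allowlist))));
    if ($origins === []) {
        // Nothing valid configured: refuse all framing, including for legacy browsers.
        return ["Content-Security-Policy: frame-ancestors 'none'", 'X-Frame-Options: DENY'];
    }
    // X-Frame-Options cannot express several origins, so only CSP is sent here.
    return ['Content-Security-Policy: frame-ancestors ' . implode(' ', $origins)];
}

// Constructed allowlist; the malformed third entry is dropped by normalize_origin().
$allowed = ['https://partner-a.example', 'https://partner-b.example:8443/', 'https://x.example;script-src *'];
foreach (frame_policy_headers($allowed) as $line) {
    header($line);   // must run before any output is sent
}
```

The browser enforces `frame-ancestors` against the origin of the embedding page, so the decision does not depend on the `Referer` header the question tried to use.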

Source: https://habr.com/ru/post/1654526/

