Check if site is inside iframe

后端 未结 5 369
情话喂你
情话喂你 2020-11-29 05:50

Anyone know if it\'s possible to check if a site is inside an iframe with PHP.

I know it\'s possible with javascript, but i couldn\'t find any example with PHP?

相关标签:
5条回答
  • 2020-11-29 06:15

    No, PHP is server side. It has no way of knowing if it is in a iframe.

    0 讨论(0)
  • 2020-11-29 06:20

    You can check for $_SERVER['HTTP_REFERER']. This cannot really be trusted because browsers not always provide this information. Also HTTP_REFERER not always means an iframe but for particular cases this is good.

    0 讨论(0)
  • 2020-11-29 06:22

    PHP is never in an iframe. PHP is executed on the server side and generates output such as HTML, Javascript, or text. The output generated by PHP may produce or reside within an iframe, but never PHP itself.


    ADDITIONAL DETAIL

    With regard to the additional detail you added in comments (that you want to distinguish between requests directly to your site and requests via a Facebook application) there are a few techniques you can use:

    1. $_SERVER['HTTP_REFERER']:

    You can check the referrer to determine if a request came from a Facebook URL, from another page on your own site, from a third-party site, or if it was direct traffic. This method is not foolproof, but may provide more information than your application currently receives.

    1. Separate URLs

    You can create separate URLs for the application running on your site and the Facebook version. Using $_SERVER['REQUEST_URI'], you can easily detect whether your application was accessed via 'yoursite.com/fbapp' or 'yoursite.com/localapp'. Both URLs can reference the same scripts via Apache's mod_rewrite or the aliasing solution of your choice.

    1. URL Parameters

    This method is possibly the easiest to implement. If you can provide URL parameters when you provide an application URL to Facebook, just add a parameter. For example:

    ?access_method=facebook
    

    In PHP, you can easily check for the existence and value of the access_method parameter, and take action as necessary.

    0 讨论(0)
  • 2020-11-29 06:23

    For anyone who lands on this old thread: There is a very easy way to check in PHP wether or not your page is loaded through an iframe.

    if( isset($_SERVER['HTTP_SEC_FETCH_DEST']) && $_SERVER['HTTP_SEC_FETCH_DEST'] == 'iframe' ) {}
    
    0 讨论(0)
  • 2020-11-29 06:26
    <?php
    if(!$_SERVER['HTTP_REFERER'] == 'YourFrameURL') {
        // Site is NOT loaded from iframe
        die('Please load this page from YourFrameURL');
    }
    else {
        // Site IS loaded from iframe: display content
    ?>
    

    Please note that $_SERVER['HTTP_REFERER'] is totally not reliable: it can be modified. Also note that this method is 'https-sensitive'. If the frame is loaded from https://x while YourFrameURL is set to http://x, it will not work. Fix this by using:

    if(!$_SERVER['HTTP_REFERER'] == 'http://YourFrameURL' or !$_SERVER['HTTP_REFERER'] == 'https://YourFrameURL') {
    
    0 讨论(0)
提交回复
热议问题