发表新帖
发表新帖

get the parent url of iframe in PHP

前端 未结
关注
6 1158
梦毁少年i
梦毁少年i 2021-01-19 12:38

I am creating a widget that would load in a IFrame and users will be able to place the widget on their own website. How would I get the URL of the website that is using the

相关标签:
6条回答
  • 礼貌的吻别
    2021-01-19 12:58

    You can use the following PHP code to have the parent window URL get values in an array:

      <?php
       //Getting the parent window parameters
        $getURLVar = str_replace("?","",strrchr($_SERVER['HTTP_REFERER'],"?"));
        $getURLVar = str_replace("&","=",$getURLVar);
        $getURLVar = str_getcsv($getURLVar,"=");
        $i=0;
        foreach ($getURLVar as $value)
          {
            if ($i % 2)
                $value1[$i]=$value;
            else
                $value2[$i]=$value;

            $i++;
          } 
        $getURLVar =array_combine($value2,$value1);


        print_r($getURLVar);
    ?>
    0 讨论(0)
  • 长发绾君心
    2021-01-19 13:00

    I have also tried to echo "$_Server[referrer]" in the IFrame page and that did return the IFrame parent URL, but how easy is it for someone to manipulate the referrer variable?

    Pretty easy, but so is disabling JavaScript! However, if a web site uses your <iframe> it will be a little difficult for them to fake the referrer in their visitor's UA. (They could also proxy your content if they really insist on hiding the fact that they're using your content. In that case your only choice is not to publish it in the first place.)

    In order to present content for "partners" only you could consider providing them with a token (like Twitter/Google/... APIs). If no (or an invalid) token is used, present an error. If a valid token is used but the referrer is suspicious you should investigate further.

    0 讨论(0)
  • 伪装坚强ぢ
    2021-01-19 13:02

    Try with:

    parent.location.href;

    or

    parent.document.URL
    0 讨论(0)
  • 无人共我
    2021-01-19 13:08

    Assuming your widget's URL doesn't do any redirects, etc., you should be able to use:

    document.referrer

    from within the javascript inside your iframe and it should contain the URL of the parent page. This seems to be what YouTube does for tracking in their iframe embed codes.

    0 讨论(0)
  • 醉酒成梦
    2021-01-19 13:17

    A small piece of JavaScript in the iframe-d page can 'un-frame' the page:

    if (top != self) {top.location.replace(self.location.href);}

    Otherwise, as @mck89 says: the iframe can access the URL of the parent page using the top.location.href.

    Further reading on the question How to prevent my site page to be loaded via 3rd party site frame of iframe.

    0 讨论(0)
  • 醉酒成梦
    2021-01-19 13:21

    I would use: 

    $qStr = explode('?', $_SERVER['HTTP_REFERER']);        
$t= explode('&', $qStr[1]);
foreach ($t as $val)
{
    $a = explode('=', $val);
    $args[$a[0]]=$a[1];
}
// to check the arguments
print_r($args);
// to check the url
echo $qStr[0];

    $args would contain my security token which would be checked by some hashing against the url

    0 讨论(0)
 看不清?
提交回复
热议问题