开发者

Allow only certain domains being able to load an iFrame

I'm building some widgets for a charity. Due to some logo licensing malarkey, I've got to find some way of only allowing white-listed sites from running the code, or to send a error message (or something like that) rather than the widget.

We've got to use iFrames as a fair few sites have already embedded them. Ideally, a PHP solution would be best, but JS is ok if needs be.

So, the one liner; Can I check the domain the iFrame is sitting in and send it different content?

I wonder what the cha开发者_如何学Pythonnces are of being able to do this...


You can use the HTTP_REFERER header.

<?php

$allowed_domains = array(
        'a-good-domain.com',
        'another-nice-one.org',
        );

$allowed = false;
foreach ($allowed_domains as $a) {
    if (preg_match("@https?://$a/.*@", $_SERVER['HTTP_REFERER'])) {
        $allowed = true;
    } 
}

if ($allowed) 
    echo "Nice domain";
else
    echo "Ugly domain";
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜