检测此页面是否在跨域 iframe 内部的万无一失的方法 [英] Foolproof way to detect if this page is INSIDE a cross-domain iframe
问题描述
回答万无一失的检测方式if iframe is cross domain" 描述了一种测试页面上的 iframe 是否指向同域或跨域页面的方法,围绕不同浏览器对跨域策略的解释以及避免会中断用户或停止 javascript 的错误消息.
An answer to "Foolproof way to detect if iframe is cross domain" describes a method to test if an iframe on a page points to a same-domain or cross-domain page, working around different browsers' interpretations of the cross-domain policy and avoiding error messages that would interrupt a user or stop javascript.
我希望做与此相同的事情,但是来自 iframe 内的子页面测试它是否inside 跨域 iframe.
I'm looking to do the equivalent of this but from the child page inside the iframe testing whether it is inside a cross-domain iframe or not.
可以使用 访问(同一域)有关父级的信息代码>父全局例如parent.document.location,但是当检测到父项是跨域时,是否有可靠的方法来执行此跨浏览器而不会崩溃错误?
It's possible to access (same domain) info about the parent with the parent global e.g. parent.document.location, but is there a reliable way to do this cross-browser without crashing into errors when it detects that the parent is cross-domain?
为了方便测试,这里有一个 jsbin 在 jsfiddle 在尝试测试 parent.location.host 是否可访问时崩溃.有没有可靠的方法来获得一些可用的东西,比如 false 告诉我们这是一个跨域父级,而不是一个错误?
For handy testing, here's a jsbin inside a jsfiddle that crashes into an error when trying to test if parent.location.host is accessible. Is there a reliable way to get something usable like false telling us that this is a cross-domain parent, instead of an error?
是否有一个 try...catch 变体将是强大的跨浏览器?或者也许是一些使用 parent.postMessage() 返回值的聪明技巧?(虽然不能编辑父页面)
Is there a try...catch variant which will be robust cross-browser? Or maybe some clever trick using a return value from parent.postMessage()? (although the parent page cannot be edited)
用例:想象可嵌入的内容,这些内容要嵌入到自己网站的页面上,也可以由第三方嵌入.如果页面位于同域 iframe 上,我们会隐藏品牌和链接回原始站点,因为用户已经在这里.如果他们从第 3 方 iframe 访问页面或直接加载页面,我们会显示品牌和信用,以便他们可以看到内容的来源.
Use case: imagine embedable content that is to be embedded on pages on its own site, and by third parties. If the page is on a same-domain iframe, we hide branding and links back to the original site because the user is already here. If they access the page from a 3rd party iframe or load the page directly, we show the branding and credits so they can see the source of the content.
澄清一下,我知道同域策略,我不在乎跨浏览器域是什么,我只是想写一个简单但可靠的if 条件如 if( crossDomainParent() ){/* 做某事 */}
To clarify, I know about the same-domain policy and I don't care what the cross browser domain is, I'm just looking to write a simple but reliable if condition like if( crossDomainParent() ){ /* do something */}
推荐答案
首先检查你是否是 IFramed.
First check if you are IFramed.
window.self !== window.top
如果您是 IFramed,那么您的引荐来源网址是您的父框架网址.
If you are IFramed, then your referrer is your parent frame url.
document.referrer
从这个 url 你应该能够检测到你是否想要分支你的代码.
From this url you should be able to detect if you want to branch your code.
这篇关于检测此页面是否在跨域 iframe 内部的万无一失的方法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
