如何将 iframe 从外部站点的显示限制为仅特定域 [英] How to limit display of iframe from an external site to specific domains only

问题描述

我经营一项服务，在该服务中，客户的内容已准备好并显示在 iframe 中.然后客户端复制一个基本的 iframe html 标记并将其粘贴到他们的网页中.一些客户抱怨其他网站正在复制 iframe 标记并将其粘贴到他们的网站中.

I operate a service where a client's content is prepared and displayed in an iframe. The client then copies a rudimentary iframe html tag and pastes it into their web page. Some clients complain that other websites are copying the iframe tag and pasting it into their sites.

是否可以将 iframe 内容的显示限制在一个或多个特定域?也许通过以编程方式告诉 iframe 它的父级必须是 some-domain.com 否则不显示.

Is it possible to restrict the display of an iframe's content to a specific domain or domains? Perhaps by programmatically telling the iframe that its parent must be some-domain.com or else don't display.

这有意义吗?我有时会说得太冗长.

Does this make sense? I can sometimes be too verbose.

推荐答案

您可以使用 .htaccess(假设原始内容在 Apache 服务器上)来限制对特定 IP 的访问.

you can use an .htaccess (assuming the original content is on an Apache server) to limit the access to a specific IP.

或者，如果页面是 PHP，您可以将其限制为特定域，如下所示:

Or, if the page is a PHP, you could limit it to a specific domain, like this:

    <?php
$continue = 0;
if(isset($_SERVER['HTTP_REFERER'])) {

    //correct domain:
    $ar=parse_url($_SERVER['HTTP_REFERER']);
    if( strpos($ar['host'], 'yourdomain.com') === false ){
    } else {
        $continue = 1;
    }

}

if($continue == 0){
    header('HTTP/1.0 403 Forbidden');
    exit('Forbidden');
}

?>

这篇关于如何将 iframe 从外部站点的显示限制为仅特定域的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！