保护 iFrame - 只允许它在一个域上工作 [英] Protecting iFrame - Only allow it to work on one domain

问题描述

我创建了一个小部件，并使用 iFrame 将其嵌入到其他网站上.我要做的是确保没有人可以查看源代码并复制 iFrame 代码并将其放在自己的网站上.

I have a Widget that I created and I am embedding it on other websites using an iFrame. What I want to do is make sure no one can view the source and copy the iFrame code and put it on their own website.

我可以在数据库中存储它应该被允许的 URL.我以前见过它，一个站点有一个很长的加密代码，如果它与域不匹配，那么它会说 Access Denied..

I can store the URL that it should be allowed on in the database. I've seen it done before, one site had a long encrypted code and if it didn't match with the domain then it said Access Denied..

有人知道我该怎么做吗?

Does anyone know how I can do this?

谢谢！

推荐答案

不，你不能这样做.您可以做的最好的事情是:

No you can't do this. The best thing you can do is the following:

if (window.top.location.host != "hostname") {
    document.body.innerHTML = "Access Denied";
}

将上述内容添加到您的 JavaScript 中，然后使用 JavaSript 混淆器

Add the above to your JavaScript and then use a JavaSript obfuscator

这篇关于保护 iFrame - 只允许它在一个域上工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！