检测此网页是否位于跨网域iframe中的Foolproof方式 [英] Foolproof way to detect if this page is INSIDE a cross-domain iframe

问题描述

检测的愚蠢方法的答案如果iframe是跨网域 描述了一种方法，用于测试网页上的iframe是否指向同一域或跨网域网页，解决不同浏览器对跨网域政策的解释，以及避免会中断用户或停止javascript的错误消息。

An answer to "Foolproof way to detect if iframe is cross domain" describes a method to test if an iframe on a page points to a same-domain or cross-domain page, working around different browsers' interpretations of the cross-domain policy and avoiding error messages that would interrupt a user or stop javascript.

我想要等效于此操作，但从 iframe测试是否在内部跨域iframe中。

I'm looking to do the equivalent of this but from the child page inside the iframe testing whether it is inside a cross-domain iframe or not.

可以存取（同一个网域）关于父的信息与父全局例如 parent.document.location ，但是当它检测到父交叉时，有一种可靠的方法来执行此跨浏览器而不会崩溃错误 -域？

It's possible to access (same domain) info about the parent with the parent global e.g. parent.document.location, but is there a reliable way to do this cross-browser without crashing into errors when it detects that the parent is cross-domain?

为方便测试，这里是 jsbin 在 jsfiddle 内，当尝试测试 parent.location.host 是可访问的。是否有可靠的方法来获取可用的 false 告诉我们这是一个跨域父，而不是错误？

For handy testing, here's a jsbin inside a jsfiddle that crashes into an error when trying to test if parent.location.host is accessible. Is there a reliable way to get something usable like false telling us that this is a cross-domain parent, instead of an error?

有没有 try ... catch 这将是强大的跨浏览器？或者也许一些聪明的技巧使用 parent.postMessage（）的返回值？ （虽然无法编辑父页面）

Is there a try...catch variant which will be robust cross-browser? Or maybe some clever trick using a return value from parent.postMessage()? (although the parent page cannot be edited)

使用案例：想象可嵌入内容嵌入到自己的网站，以及第三方。如果网页位于同一个网域的iframe，我们会隐藏品牌并连结回原始网站，因为使用者已经在这里。如果他们从第三方iframe访问页面或直接加载页面，我们会显示品牌和信用，以便他们可以看到内容的来源。

Use case: imagine embedable content that is to be embedded on pages on its own site, and by third parties. If the page is on a same-domain iframe, we hide branding and links back to the original site because the user is already here. If they access the page from a 3rd party iframe or load the page directly, we show the branding and credits so they can see the source of the content.

为了说明，我知道同一个域的政策，我不在乎 >跨浏览器域是，我只是想寻找一个简单但可靠的如果条件像 if（crossDomainParent（））{/ * do / *

To clarify, I know about the same-domain policy and I don't care what the cross browser domain is, I'm just looking to write a simple but reliable if condition like if( crossDomainParent() ){ /* do something */}

推荐答案

首先检查您是否被IFramed。

First check if you are IFramed.

window.self !== window.top

如果您是IFramed，那么您的引荐来源网址是您的父框架网址。

If you are IFramed, then your referrer is your parent frame url.

document.referrer

从这个网址，您应该能够检测是否要分支代码。

From this url you should be able to detect if you want to branch your code.

这篇关于检测此网页是否位于跨网域iframe中的Foolproof方式的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！