检查网站是否不允许嵌入iframe [英] Checking if a website doesn't permit iframe embed
问题描述
我正在为我的应用编写一个简单的类似灯箱的插件,我需要嵌入一个链接到任意页面的iframe。问题是,许多网站(例如, facebook ,nytimes,甚至是stackoverflow)将检查是否嵌入在一个框架中,如果是,将刷新页面作为父页面。这是一个已知的问题,我不认为有关于此的任何事情都可以做到。不过,我希望能够事先知道网站是否支持嵌入。如果没有,我想在新的标签页/窗口中打开页面,而不是使用iframe。
是否有一个技巧可以让我检查这在JavaScript?
也许有一个服务器端脚本,可以检查链接,看看他们是否允许iframe嵌入?
我正在开发浏览器扩展程序,因此有机会做一些非常有创意的事情。我的扩展加载在每个页面上,所以我认为有一种方法可以在iframe中传递参数,如果它破坏了iframe,可以通过扩展选择该参数。然后我可以将该域添加到不支持iframe嵌入的网站列表中。这可能起作用,因为扩展未在iframe中加载。我会在此工作,但在此期间......
澄清: 我愿意接受,没有办法破坏框架破坏者,也就是说,我知道我不能在不想融入其中的iframe中显示页面。但我希望我的应用程序优雅地失败,这意味着如果iframe嵌入不受支持,则在新窗口中打开链接。理想情况下,我想检查iframe是否在运行时嵌入支持(javascript),但是我可以使用上述注释中提供的代理服务器来查看潜在的服务器端解决方案。希望我可以建立一个不允许iframe嵌入的网站数据库。 检查x-frame-options标题使用以下代码 如果返回值为DENY,SAMEORIGIN或ALLOW-FROM,则不能使用带有该URL的iframe。 I am writing a simple lightbox-like plugin for my app, and I need to embed an iframe that is linked to an arbitrary page. The problem is, many web sites (for example, facebook, nytimes, and even stackoverflow) will check to see if is being embedded within a frame and if so, will refresh the page with itself as the parent page. This is a known issue, and I don't think there's anything that can be done about this. However, I would like the ability to know before hand if a site supports embed or not. If it doesn't, I'd like to open the page in a new tab/window instead of using an iframe. Is there a trick that allows me to check this in javascript? Maybe there is a server-side script that can check links to see if they permit an iframe embed? I am developing a browser extension, so there is an opportunity to do something very creative. My extension is loaded on every page, so I'm thinking there's a way to pass a parameter in the iframe url that can be picked up by the extension if it destroys the iframe. Then I can add the domain to a list of sites that don't support iframe embed. This may work since extensions aren't loaded within iframes. I will work on this, but in the meantime.... Clarification: I am willing to accept that there's no way to "bust" the "frame buster," i.e. I know that I can't display a page in an iframe that doesn't want to be in one. But I'd like for my app to fail gracefully, which means opening the link in a new window if iframe embed is not supported. Ideally, I'd like to check iframe embed support at runtime (javascript), but I can see a potential server-side solution using a proxy like suggested in the comments above. Hopefully, I can build a database of sites that don't allow iframe embed. Check x-frame-options header by using following code If return value DENY, SAMEORIGIN or ALLOW-FROM then you can't use iframe with that url. 这篇关于检查网站是否不允许嵌入iframe的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
$ url =http://stackoverflow.com;
$ header = get_headers($ url,1);
echo $ header [X-Frame-Options];
$url = "http://stackoverflow.com";
$header = get_headers($url, 1);
echo $header["X-Frame-Options"];
