如何仅限制从外部站点到特定域的iframe显示 [英] How to limit display of iframe from an external site to specific domains only

问题描述

我运营的服务是准备客户的内容并在iframe中显示。然后客户端复制一个基本的iframe html标签并将其粘贴到他们的网页中。一些客户抱怨其他网站正在复制iframe标记并将其粘贴到他们的网站中。

I operate a service where a client's content is prepared and displayed in an iframe. The client then copies a rudimentary iframe html tag and pastes it into their web page. Some clients complain that other websites are copying the iframe tag and pasting it into their sites.

是否可以将iframe内容的显示限制为特定的域或域？也许通过以编程方式告诉iframe其父级必须是some-domain.com或者不显示。

Is it possible to restrict the display of an iframe's content to a specific domain or domains? Perhaps by programmatically telling the iframe that its parent must be some-domain.com or else don't display.

这有意义吗？我有时候可能过于冗长。

Does this make sense? I can sometimes be too verbose.

推荐答案

你可以使用.htaccess（假设原始内容在Apache服务器上）到限制对特定IP的访问。

you can use an .htaccess (assuming the original content is on an Apache server) to limit the access to a specific IP.

或者，如果页面是PHP，您可以将其限制为特定域，如下所示：

Or, if the page is a PHP, you could limit it to a specific domain, like this:

    <?php
$continue = 0;
if(isset($_SERVER['HTTP_REFERER'])) {

    //correct domain:
    $ar=parse_url($_SERVER['HTTP_REFERER']);
    if( strpos($ar['host'], 'yourdomain.com') === false ){
    } else {
        $continue = 1;
    }

}

if($continue == 0){
    header('HTTP/1.0 403 Forbidden');
    exit('Forbidden');
}

?>

这篇关于如何仅限制从外部站点到特定域的iframe显示的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！