如何仅限制从外部站点到特定域的iframe显示 [英] How to limit display of iframe from an external site to specific domains only
问题描述
我运营的服务是准备客户的内容并在iframe中显示。然后客户端复制一个基本的iframe html标签并将其粘贴到他们的网页中。一些客户抱怨其他网站正在复制iframe标记并将其粘贴到他们的网站中。
I operate a service where a client's content is prepared and displayed in an iframe. The client then copies a rudimentary iframe html tag and pastes it into their web page. Some clients complain that other websites are copying the iframe tag and pasting it into their sites.
是否可以将iframe内容的显示限制为特定的域或域?也许通过以编程方式告诉iframe其父级必须是some-domain.com或者不显示。
Is it possible to restrict the display of an iframe's content to a specific domain or domains? Perhaps by programmatically telling the iframe that its parent must be some-domain.com or else don't display.
这有意义吗?我有时候可能过于冗长。
Does this make sense? I can sometimes be too verbose.
推荐答案
你可以使用.htaccess(假设原始内容在Apache服务器上)到限制对特定IP的访问。
you can use an .htaccess (assuming the original content is on an Apache server) to limit the access to a specific IP.
或者,如果页面是PHP,您可以将其限制为特定域,如下所示:
Or, if the page is a PHP, you could limit it to a specific domain, like this:
<?php
$continue = 0;
if(isset($_SERVER['HTTP_REFERER'])) {
//correct domain:
$ar=parse_url($_SERVER['HTTP_REFERER']);
if( strpos($ar['host'], 'yourdomain.com') === false ){
} else {
$continue = 1;
}
}
if($continue == 0){
header('HTTP/1.0 403 Forbidden');
exit('Forbidden');
}
?>
这篇关于如何仅限制从外部站点到特定域的iframe显示的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!