MDN如何在服务器端检测来自iframe的请求并且不发送任何内容？ [英] How does it appear that MDN can detect a request from an iframe on the Server Side and send no content?

问题描述

请注意：此问题与服务器端检测页面显示在IFrame内部，因为我向您展示了它将出现的实例 MDN（Mozilla开发者网络）已检测到内容正在传递给iframe，但是，如果您仔细阅读，我将讨论这可能与服务器端无关;它可能是某种权利问题，它以某种方式或某种方式我不知道。关键是要了解已经存在的东西是如何工作的。

Please Note: This question is not related directly to Server-side detection that a page is shown inside an IFrame, as I'm showing you an instance where it would appear that the guys at MDN (Mozilla Developer Network) are already detecting that content is being delivered to an iframe, although, if you read through this, I discuss the possibility that this isn't server-side related at all; it might be some sort of "rights" issue declared some how or in some way I don't know about. The point is to understand how something already existing works.

首先，我不想扯掉MDN（Mozilla开发者网络）内容是我自己的。我问这个是因为我真的很困惑。 MDN的人似乎已经搞了一个很好的技巧，我想知道它，但也许它比我意识到的更简单。

First of all, I do not desire to rip off MDN (Mozilla Developer Network) content as my own. I'm asking this because I'm truly puzzled by it. The guys at MDN seem to have pulled of a nice trick, and I'd like to know it, but maybe its simpler than I realized.

代码只是：

<iframe src="https://developer.mozilla.org/en-US/docs/HTML/HTML5"></iframe>

以这个小提琴为例：

http://jsfiddle.net/jfcox/D3UNZ/

您是否注意到iframe中没有内容？ Chrome网络标签上似乎没有与该请求相关的任何内容。

Do you notice how there's no content in the iframe? There doesn't appear to be any content related to the request on the Chrome network tab.

我向您保证，这可以在正常网站上运行，例如example.org。请参阅 http://jsfiddle.net/jfcox/nPwcu/

I assure you, that'd work on a "normal" website, like example.org. see http://jsfiddle.net/jfcox/nPwcu/

所以，我问，他们在检测是否正在从 iframe 中发出请求时做了什么？
有些浏览器 - 我不知道吗？奇怪的是，情况可能就是这样。来自IE9。

So, I ask, what is it that they are doing to detect that a request is being made from an iframe? Is there some Browser-Fu I don't know about? Oddly enough, that might be the case. From IE9.

为帮助保护您输入此
网站的信息的安全性，此内容的发布者不允许它是
显示在一个框架中。

To help protect the security of information you enter into this website, the publisher of this content does not allow it to be displayed in a frame.

哇！好吧，也许它不是服务器端，也许它都是Browser-Fu。即便如此，IE9和其他浏览器如何知道我不知道的内容？我需要了解什么才能了解​​这一点？

Wow! Ok, so maybe it's not server-side, maybe it's all Browser-Fu. Even so, how does IE9 and these other browsers know what I don't know? What do I need to look up to learn about this?

我有自己的怀疑，即网站根目录下有一些文件，如 crossdomain.xml 对于定义内容使用或其他任何内容的权限的flash，但如果是这种情况，我仍然不知道从哪里开始。

I have my own suspicions, namely that there's some file at the root of the website like crossdomain.xml for flash that defines permissions about content usage or whatever, but I still wouldn't even know where to start if that's the case.

推荐答案

事实证明，这是一个非常简单的复制保护。您需要做的就是设置一个响应标题。

Turns out, it's a pretty simple copy protection. All you need to do is set a response header.

• https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options


• http：//tools.ietf .org / html / draft-ietf-websec-x-frame-options-00

• https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
• http://tools.ietf.org/html/draft-ietf-websec-x-frame-options-00

是，框架而不是iframe。

Yes, "frame", instead of "iframe".

：eyeroll：

我认为这个名字是有道理的，考虑到有人可能仍会尝试使用旧名称用于任何目的的HTML 4 frame 标签，我希望大多数浏览器/ DOM引擎都支持 frame 给出HTML历史的标签。 Netscape创建/支持的框架早在2.0版本和 iframe 是一个后来的纯粹微软发明，被广泛采用，IIRC。

I suppose the name makes sense, considering the possibility somebody could still attempt to use old HTML 4 frame tags for whatever purpose, and I would expect most browser/DOM engines have baked-in support of frame tags given HTML history. Netscape created/supported frames as early as version 2.0 and iframe was a later, purely-Microsoft invention that found wide adoption, IIRC.

这篇关于MDN如何在服务器端检测来自iframe的请求并且不发送任何内容？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！