0

Possible Duplicate:
access parent url from iframe

I am currently have an iframe tag, e.g.:

<iframe src="www.mydomain.com/animation.html></iframe>

...and i want my client to embed this tag to render on their page , however i want to offer only some domain name list in my database to render this iframe, so how can i do. thanks

Community
  • 1
  • 1
Pon Somean
  • 145
  • 1
  • 14
  • 1
    Are you saying you want your "animation.html" page to detect when it is included in an iframe and, further, detect the domain of the page that the iframe is included in? – nnnnnn Dec 05 '12 at 05:15
  • of course, it is. After detect a domain that "animation.html" is embedded in then i will let my code to compare with my list. – Pon Somean Dec 05 '12 at 06:06

4 Answers4

0

You can use parse_url. It help you to detect domain

Nikita Melnikov
  • 209
  • 1
  • 8
0

Solution 1: You can do it by allowing their IP addresses and disallow all other IPs, just create .htaccess file and add following rules in it.

order deny,allow
deny from all
allow from 111.222.333.444

Solution 2: second way to apply restrictions is to use PHP file instead of a plane HTML file and add any kind of restriction in it, see code below

// animation.php

<?php
$allowed_domains = array(
    'www.example-1.com',
    'www.example-2.com',
    'www.example-3.com',
);

if (in_array($_SERVER['SERVER_NAME'], $allowed_domains)) : ?>

    Your I-frame content goes here!

<?php endif;?>
Tahir Yasin
  • 11,489
  • 5
  • 42
  • 59
  • iframe requests come from an individual user's browser location, not from the domain of the host page. – jfriend00 Dec 05 '12 at 05:39
  • @jfriend00 the answer is exactly according to the requirements in question. Pon Somean said "i want to offer only some domain name list in my database to render this iframe" – Tahir Yasin Dec 05 '12 at 06:03
  • The OP wasn't very clear with the question, but I assumed that they meant they wanted to control which domain's webpages could embed their iframe. – jfriend00 Dec 05 '12 at 06:16
  • No he wants to restrict the usage of iframe only to some domains, you misunderstood the question/answer and down voted my answer. Now you should up-vote. – Tahir Yasin Dec 05 '12 at 06:22
  • 1
    Sorry, but domains don't use iframes. Web pages loaded from a browser use iframes and the iframes are loaded from the browser's location, not from the domain of the web page. – jfriend00 Dec 05 '12 at 06:34
  • @Tahir Yasin Your second solution is simply use able, however the problem is that we can not get client domain name. While $_SERVER['SERVER'] will return our server domain but not client domain. – Pon Somean Dec 06 '12 at 04:06
0

If you want to limit which sites can include your page inside an iframe, you could hand out unique tokens to each domain; the code for each domain would look like this:

<iframe src="http://mydomain.com/animation.html?token=absfqeqwe"></iframe>

This just puts up a small barrier, someone could simply copy it from one of your legit sites and then use it for themselves.

Personally I don't think this is doable.

Ja͢ck
  • 170,779
  • 38
  • 263
  • 309
0

A number of browsers support the x-frame-options header which is described here. This allows you to list acceptable domains that can frame your page.

Some other discussion here: Frame Buster Buster ... buster code needed

Community
  • 1
  • 1
jfriend00
  • 683,504
  • 96
  • 985
  • 979