how to block the content of iframes from browser calls

Question

Is it possible to block iframe's contents for calling from browser alone?

For example;

domain.com/index.php has iframe.php in it.

index.php

has session also iframe.php has. But when session start, user can call iframe.php as

domain.com/iframe.php

You mean *block `iframe.php` to be accessed directly* though address bar? — BlitZ, Jan 18 '14 at 11:28

score 2 · Accepted Answer · edited May 23 '17 at 11:57

2

If javascript is an option, you may detect if iframe is opened in browser directly:

<script type="text/javascript">
if (top.location == self.location) {
    top.location = "http://homepage.com";
}
</script>

Another option is a usage of $_SERVER['HTTP_REFERER'], as mentioned here.

edited May 23 '17 at 11:57

Community

answered Jan 18 '14 at 11:35

BlitZ

javascript solves my problem. I will check other option too. Thank you. – acidburnr Jan 18 '14 at 11:41

1 Answers1