0

I just wanted to know if there was a way to get something to be future proof, as we may create new subdomains, and want people know that the site they are using is correct (as we have had a few cases of people rehosting our site)

if(window.location.href != "example.com" || "*.example.com"){
document.getElementById('alert').innerHTML = "This is site is not recognized as an official site";}

Where "*" would be a wildcard for any subdomain, and the ID "alert" is a div which we use to display important message.

Jordan
  • 61
  • 1
  • 14
  • 2
    Use `location.hostname` and check it with a regex but this test seems useless: either you're providing the page or the user may change the script. – Denys Séguret Oct 22 '15 at 08:56

2 Answers2

1

Use location.hostname and check if it ends with your domain, e.g. like this:

if(!location.hostname.match(/example.com$/)){
     alert(...);
}

This will match the domain example.com as well as www.example.com and any subdomain.example.com. But it will also match things like otherexample.com. To prevent this, use the following regex:

if(!location.hostname.match(/(^|\.)example.com$/)){
     alert(...);
}

This regex matches anything which is only example.com or starts with a dot and ends with example.com, so www.example.com and subdomain.example.com, but not otherexample.com because there's not dot in front of this example.com.

Reeno
  • 5,720
  • 11
  • 37
  • 50
0

I would rather look into using the meta header X-Frame-Options and Content-Security-Policys to solve your problem of rehosting.

X-Frame-Options: https://stackoverflow.com/a/19843216/634264

Content-Security-Policys: http://www.html5rocks.com/en/tutorials/security/content-security-policy/

Community
  • 1
  • 1
trondkla
  • 21
  • 7