-2

there is a web app. It suppouse to be avilable only in specific iframe (corp. site), so uninvited guests are redirect to clients web site by script. Code below is working, but java could be disable in browser. IP white list would be a great solution, but too many dynamic IP is used.

What php trick can be used to check is site opened in iframe?

<script>
                if (top === self) window.location.replace('http://uninvited-guests-go.here'); 
</script>
<?php header('X-Frame-Options: ALLOW-FROM https://iframe.allow.only'); ?>
wolverineo250kr
  • 21
  • 2
  • Not a duplicate. This questioner is asking how to do it purely in PHP, whereas the linked supposed duplicate is looking for (and has received) a Javascript solution. – Nick Coons Sep 04 '17 at 18:07

1 Answers1

0

PHP has no way of knowing what's happening in the browser, but as you've noted, javascript can dependably determine the existence of an iframe with window.top === window.self; If you are set on using a pure PHP solution, you could send a GET parameter through in your URL, to tell PHP which guests are invited, and which aren't.

<?php
// yousite.com <-- uninvited user
// yoursite.com?invited=1 <-- invited user

if (isset($_GET['invited']) && $_GET['invited'] === 1) {
    // handle your invited guests here
}

You'll also need to add this GET param to your iFrame source.

slothluvchunk
  • 382
  • 2
  • 9