What is the best method to security check that my JS game is not currently being embedded (iframe loaded) by some 3rd party trash domain? It seems content security policy does not always work.
Asked
Active
Viewed 54 times
0
-
Have you tried "jumping out" of the iframe by setting `window.parent.location.href=http://mygame.com` , or just checking if there is a `window.parent`? – Kokodoko Apr 01 '19 at 13:00
-
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options – epascarello Apr 01 '19 at 13:06