While standing in an Iframe, can we redirect to a page outside of Iframe (target page is on a different domain)?
Asked
Active
Viewed 72 times
0
-
Can you give an example? – nice_dev Oct 15 '19 at 07:00
-
before landing on the main page in iframe, I want to verify the request(by using Http_Referer or public-private keys). If request is not verified, I want to redirect to the parent page. – Shafiq Rana Oct 15 '19 at 07:04
-
You mean you want to allow certain sites to embed your site in an iframe? – nice_dev Oct 15 '19 at 07:08
-
Yes, and If a I don't want to allow that certain site then it should be redirected to that site – Shafiq Rana Oct 15 '19 at 07:30
-
So you could check if the site is authentic using `$_SERVER['HTTP_REFERER']`. If it doesn't match with any of your data, you could probably send `X-Frame-Options: sameorigin` header which would avoid loading your site in their iframe. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options – nice_dev Oct 15 '19 at 07:46
-
**Update:** `HTTP_REFERER` isn't reliable as it is sent from the client's browser. https://stackoverflow.com/questions/165975/determining-referer-in-php You would probably want to have embed links like how google or youtube does. However, anyone with your embed link could use it. So I presume this doesn't satisfy your business need. You may have to change your strategy. – nice_dev Oct 15 '19 at 07:50
-
1@vivek_23 Thanks, I found another thing, instead of sending back to from where request was coming, I redirect it to an error page inside my iframe showing error details. – Shafiq Rana Oct 16 '19 at 07:58