如果未在colorbox / iframe中打开，则阻止访问页面（重定向）

Question

I've got a page that I don't want anyone to be able to access if it isn't being opened in a colorbox. I'd like to redirect them back to "/dashboard/".

To clarify, if the page is accessed directly(not in an iframe/colorbox), redirect, else, load the page.

Answer 1

You can use javascript to check if the current page is the top page:

if (top == self) {
  top.location = '/dashboard/';
}

But of course javascript can be turned off.

Answer 2

If you are opening the item in an iframe, this isn't really possible, as the browser will load the iframe just as it would load it if it visited the page directly.

You could do a nonce type thing, where you generate a number on page load, and pass it as a GET variable to the iframe, which will check to make sure the val passed to it is the same one as stored in the SESSION, if the session one doesn't exist or is different, redirect; if it is the same delete the value from the session and load normally.

I'm not sure how well that would work though; an example of it breaking may be if the user tries to refresh the iframe, it would instead end up embedding the webpage you're on (/dashboard/) into the iframe.

So the simple answer is no, without a some complexity and risking breaking people's experience, it isn't possible.

Answer 3

This is how you can prevent the call in jquery but I cannot see why this is needed, the user can easily just direct to the link, if you really wanted a temp fix then you could check the parent of the link exists

$('a').click(function(e){
    if($(e.target).parent('#colourBoxID').length > 0){

       //go to page

    }
    else{

    //redirect
    }
});