Disable Basic Auth for iframes
Question
Here is what I am dealing with. I have the following in httpd.conf file. This forces authentication on 127.0.0.1/example as intended.
<Location /example/>
AuthType Basic
AuthName ...
AuthUser File ...
Require valid-user
</Location>
I also have a php file as follows ( http://127.0.0.1/pre2.php )
<?php if(isMember()=='access'){?>
<iframe src="http://127.0.0.1/example" style="border: none; width:100%; height:1100px;"></iframe>
<?php
}?>
I need to make sure authentication doesn't get called by apache when 127.0.0.1/example is accessed via iframe in pre2.php.
2 answers
solution1
2 2015-09-28 00:20:54
Unless you can pass some authentication information to the /example request, there's not going to be a way to do this without someone being able to circumvent authentication. You can't check the Referer header because that can be forged.
What you're better off doing, is in your pre2.php script, instead of linking to the /example content via an iframe, can you just read the content and insert it.
solution2
0 2015-09-27 23:52:26
For some reason it won't let me add a comment under yours. But I misunderstood your question I think. Yeah, I suppose that you are correct. What about doing an include on the file? Does that get around it?
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.