stackoom
  简体   繁体   中英

How to render a widget only on the domain for which it is created

 原文  2015-11-23 09:34:59       php/ security/ widget

Question

I have a widget (built with PHP on an Apache webserver) that is embedded on webpages of other sites.

I'd like to render the widget only on pages for which the widget was built.

For example, if the widget is for site example-a.com and it is embedded on domain example-b.com, I want it is not shown on example-b.com. Is it possible to do something like this?

Maybe using http_referer I can solve the problem?

To embed the widget I use an iframe , but I'm not sure the http_referer isn't hackable.

The iframe is something like this: 

<iframe id="WidgetContent" src="http://127.0.0.1:8000/widget/1" frameborder="0" height="600"></iframe>

So no javascript is used.

Any advices on this? Thank you!

1 answers

solution1
 1  2015-11-23 10:07:31

您可以使用X-Frame-Options HTTP 响应标头指定允许哪些站点在框架中显示页面。

X-Frame-Options: http://example-a.com

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Cookie is created by which and how? Having a widget_id how can I render the widget itself How to render formatted post content in widget in Wordpress I want to create a widget which will render an application on sites who add that Widget to their webpage How to find the domain name on which the website is hosted How to Only Show Certain Posts in Widget? how to query only one post in wordpress widget How can I created new custom Calendar widget in WordPress? how to only allow one domain to access files and folders in another domain How to make a website go live created using on WampServer to a given domain?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM