PHP中获取iframe的父url

发布于 2024-09-19 19:30:04 字数 384 浏览 7 评论 0原文

我正在创建一个将在 IFrame 中加载的小部件,用户将能够将该小部件放置在自己的网站上。如何获取在 javascript 和/或 PHP 中使用 IFrame 的网站的 URL? IFrame 加载一个 php 文件。

我在 IFrame 页面中尝试过“parent.top.location.href”和“parent.document.referrer”,但这是未定义的。

我还尝试在 IFrame 页面中回显“$_Server[referrer]”,并且确实返回了 IFrame 父 URL,但是有人操纵referrer 变量有多容易?我不想得到误导性信息。 目标:我创建了一个小部件,并希望允许注册用户在其网站上使用该小部件。我希望能够找出谁在使用该小部件,如果未注册的用户在其网站上使用它,则该小部件将不会显示

I am creating a widget that would load in a IFrame and users will be able to place the widget on their own website. How would I get the URL of the website that is using the IFrame in javascript and/or PHP? The IFrame loads a php file.

I have tried "parent.top.location.href" and "parent.document.referrer" in the IFrame page but that is undefined.

I have also tried to echo "$_Server[referrer]" in the IFrame page and that did return the IFrame parent URL, but how easy is it for someone to manipulate the referrer variable? I dont want to get misleading information.
The Goal: I created a widget and want to allow registered users to use that widget on their site. I want to be able to find out who is using the widget and if a un-registered user is using it on their site, then the widget would not display

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(6

蓝眼睛不忧郁 2024-09-26 19:30:04

我也尝试过回显
IFrame 中的“$_Server[referrer]”
页面并返回了 IFrame
父 URL,但这有多容易
有人操纵推荐人
变量?

非常简单,但禁用 JavaScript 也很简单!但是,如果网站使用您的 ,他们就很难在访问者的 UA 中伪造引荐来源网址。 这种情况下,您唯一的选择就是首先不发布它。)

(如果他们确实坚持隐藏他们正在使用您的内容的事实,他们也可以代理您的内容。在 为“合作伙伴”呈现内容,只有您可以考虑向他们提供令牌(例如 Twitter/Google/... API)。如果未使用(或使用无效)令牌,则显示错误。如果使用了有效令牌但推荐人可疑,您应该进一步调查。

I have also tried to echo
"$_Server[referrer]" in the IFrame
page and that did return the IFrame
parent URL, but how easy is it for
someone to manipulate the referrer
variable?

Pretty easy, but so is disabling JavaScript! However, if a web site uses your <iframe> it will be a little difficult for them to fake the referrer in their visitor's UA. (They could also proxy your content if they really insist on hiding the fact that they're using your content. In that case your only choice is not to publish it in the first place.)

In order to present content for "partners" only you could consider providing them with a token (like Twitter/Google/... APIs). If no (or an invalid) token is used, present an error. If a valid token is used but the referrer is suspicious you should investigate further.

樱花细雨 2024-09-26 19:30:04

尝试使用:

parent.location.href;

parent.document.URL

Try with:

parent.location.href;

or

parent.document.URL
南街九尾狐 2024-09-26 19:30:04

您可以使用以下 PHP 代码让父窗口 URL 获取数组中的值:

  <?php
       //Getting the parent window parameters
        $getURLVar = str_replace("?","",strrchr($_SERVER['HTTP_REFERER'],"?"));
        $getURLVar = str_replace("&","=",$getURLVar);
        $getURLVar = str_getcsv($getURLVar,"=");
        $i=0;
        foreach ($getURLVar as $value)
          {
            if ($i % 2)
                $value1[$i]=$value;
            else
                $value2[$i]=$value;

            $i++;
          } 
        $getURLVar =array_combine($value2,$value1);


        print_r($getURLVar);
    ?>

You can use the following PHP code to have the parent window URL get values in an array:

  <?php
       //Getting the parent window parameters
        $getURLVar = str_replace("?","",strrchr($_SERVER['HTTP_REFERER'],"?"));
        $getURLVar = str_replace("&","=",$getURLVar);
        $getURLVar = str_getcsv($getURLVar,"=");
        $i=0;
        foreach ($getURLVar as $value)
          {
            if ($i % 2)
                $value1[$i]=$value;
            else
                $value2[$i]=$value;

            $i++;
          } 
        $getURLVar =array_combine($value2,$value1);


        print_r($getURLVar);
    ?>
触ぅ动初心 2024-09-26 19:30:04

iframe-d 页面中的一小段 JavaScript 可以“取消框架”页面:

if (top != self) {top.location.replace(self.location.href);}

否则,如 @mck89 说:iframe 可以使用 top.location.href 访问父页面的 URL。

进一步阅读问题如何防止我的网站页面通过 iframe 的第 3 方网站框架加载

A small piece of JavaScript in the iframe-d page can 'un-frame' the page:

if (top != self) {top.location.replace(self.location.href);}

Otherwise, as @mck89 says: the iframe can access the URL of the parent page using the top.location.href.

Further reading on the question How to prevent my site page to be loaded via 3rd party site frame of iframe.

撧情箌佬 2024-09-26 19:30:04

假设您的小部件的 URL 不执行任何重定向等操作,您应该能够

document.referrer

在 iframe 内的 javascript 中使用:并且它应该包含父页面的 URL。这似乎就是 YouTube 在其 iframe 嵌入代码中跟踪的做法。

Assuming your widget's URL doesn't do any redirects, etc., you should be able to use:

document.referrer

from within the javascript inside your iframe and it should contain the URL of the parent page. This seems to be what YouTube does for tracking in their iframe embed codes.

酒几许 2024-09-26 19:30:04

我会使用:

$qStr = explode('?', $_SERVER['HTTP_REFERER']);        
$t= explode('&', $qStr[1]);
foreach ($t as $val)
{
    $a = explode('=', $val);
    $args[$a[0]]=$a[1];
}
// to check the arguments
print_r($args);
// to check the url
echo $qStr[0];

$args 将包含我的安全令牌,该令牌将通过针对 url 的哈希值进行检查

I would use:

$qStr = explode('?', $_SERVER['HTTP_REFERER']);        
$t= explode('&', $qStr[1]);
foreach ($t as $val)
{
    $a = explode('=', $val);
    $args[$a[0]]=$a[1];
}
// to check the arguments
print_r($args);
// to check the url
echo $qStr[0];

$args would contain my security token which would be checked by some hashing against the url

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文