PHP中获取iframe的父url
我正在创建一个将在 IFrame 中加载的小部件,用户将能够将该小部件放置在自己的网站上。如何获取在 javascript 和/或 PHP 中使用 IFrame 的网站的 URL? IFrame 加载一个 php 文件。
我在 IFrame 页面中尝试过“parent.top.location.href”和“parent.document.referrer”,但这是未定义的。
我还尝试在 IFrame 页面中回显“$_Server[referrer]”,并且确实返回了 IFrame 父 URL,但是有人操纵referrer 变量有多容易?我不想得到误导性信息。 目标:我创建了一个小部件,并希望允许注册用户在其网站上使用该小部件。我希望能够找出谁在使用该小部件,如果未注册的用户在其网站上使用它,则该小部件将不会显示
I am creating a widget that would load in a IFrame and users will be able to place the widget on their own website. How would I get the URL of the website that is using the IFrame in javascript and/or PHP? The IFrame loads a php file.
I have tried "parent.top.location.href" and "parent.document.referrer" in the IFrame page but that is undefined.
I have also tried to echo "$_Server[referrer]" in the IFrame page and that did return the IFrame parent URL, but how easy is it for someone to manipulate the referrer variable? I dont want to get misleading information.
The Goal: I created a widget and want to allow registered users to use that widget on their site. I want to be able to find out who is using the widget and if a un-registered user is using it on their site, then the widget would not display
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(6)
非常简单,但禁用 JavaScript 也很简单!但是,如果网站使用您的
,他们就很难在访问者的 UA 中伪造引荐来源网址。 这种情况下,您唯一的选择就是首先不发布它。)
(如果他们确实坚持隐藏他们正在使用您的内容的事实,他们也可以代理您的内容。在 为“合作伙伴”呈现内容,只有您可以考虑向他们提供令牌(例如 Twitter/Google/... API)。如果未使用(或使用无效)令牌,则显示错误。如果使用了有效令牌但推荐人可疑,您应该进一步调查。
Pretty easy, but so is disabling JavaScript! However, if a web site uses your
<iframe>
it will be a little difficult for them to fake the referrer in their visitor's UA. (They could also proxy your content if they really insist on hiding the fact that they're using your content. In that case your only choice is not to publish it in the first place.)In order to present content for "partners" only you could consider providing them with a token (like Twitter/Google/... APIs). If no (or an invalid) token is used, present an error. If a valid token is used but the referrer is suspicious you should investigate further.
尝试使用:
或
Try with:
or
您可以使用以下 PHP 代码让父窗口 URL 获取数组中的值:
You can use the following PHP code to have the parent window URL get values in an array:
iframe-d 页面中的一小段 JavaScript 可以“取消框架”页面:
否则,如 @mck89 说:iframe 可以使用
top.location.href
访问父页面的 URL。进一步阅读问题如何防止我的网站页面通过 iframe 的第 3 方网站框架加载。
A small piece of JavaScript in the iframe-d page can 'un-frame' the page:
Otherwise, as @mck89 says: the iframe can access the URL of the parent page using the
top.location.href
.Further reading on the question How to prevent my site page to be loaded via 3rd party site frame of iframe.
假设您的小部件的 URL 不执行任何重定向等操作,您应该能够
在 iframe 内的 javascript 中使用:并且它应该包含父页面的 URL。这似乎就是 YouTube 在其 iframe 嵌入代码中跟踪的做法。
Assuming your widget's URL doesn't do any redirects, etc., you should be able to use:
from within the javascript inside your iframe and it should contain the URL of the parent page. This seems to be what YouTube does for tracking in their iframe embed codes.
我会使用:
$args 将包含我的安全令牌,该令牌将通过针对 url 的哈希值进行检查
I would use:
$args would contain my security token which would be checked by some hashing against the url