Allow only specific domains to load iFrame

Question

Allow only specific domains to load iFrame

I create several widgets for charity. Due to some malarkey licenses, I have to find some way to allow only white lists of sites to run code, or send an error message (or something like that) rather than a widget.

We should use iFrames as a fair number of sites that are already built into them. Ideally, a PHP solution would be better, but JS is fine if necessary.

So, one liner; Can I check the domain where the iFrame is located and send it to other content?

I wonder what the chances are of doing this ...

+7

javascript php iframe

PaulAdamDavis May 6, '10 at 13:43

source share

1 answer

Johan · Accepted Answer · 2010-05-06T14:01:16+0000

You can use the HTTP_REFERER header.

<?php $allowed_domains = array( 'a-good-domain.com', 'another-nice-one.org', ); $allowed = false; foreach ($allowed_domains as $a) { if (preg_match("@https?://$a/.*@", $_SERVER['HTTP_REFERER'])) { $allowed = true; } } if ($allowed) echo "Nice domain"; else echo "Ugly domain";

Allow only specific domains to load iFrame

More articles: