Methods to Prohibit Web Pages from being Referenced by iframe in PHP Nginx Apache
- 2021-06-28 11:59:19
- OfStack
You can use PHP or Nginx to add the X-Frame-Options header, which controls whether a page may be loaded in a frame.
X-Frame-Options has three optional values:
DENY: the browser refuses to load the current page in any frame
SAMEORIGIN: the page can only be framed by pages under the same domain name
ALLOW-FROM: the page address that is allowed to load the page in a frame
PHP code:
header('X-Frame-Options: Deny');
Nginx Configuration:
add_header X-Frame-Options SAMEORIGIN;
It can also be added inside a location block:
location /
{
add_header X-Frame-Options SAMEORIGIN;
}
Apache Configuration:
Header always append X-Frame-Options SAMEORIGIN
Once the header is in use, a page that is not allowed to be framed is displayed as a blank page inside the frame.
IIS method
Add the following to the web.config file:
<system.webServer>
...
<httpProtocol>
<customHeaders>
<add name="X-Frame-Options" value="SAMEORIGIN" />
</customHeaders>
</httpProtocol>
...
</system.webServer>
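A check for the header-based methods above, added here as an example and not part of the original article: it parses a raw response header block and reports which framing policy is actually sent, including the case where PHP and the web server each add their own value. The function name and the sample responses are constructed for illustration.

```javascript
// Added example: audit the X-Frame-Options headers in a raw response header
// block, for example the output of `curl -sI`.
function auditXFrameOptions(rawHeaders) {
  const tokens = [];
  for (const line of rawHeaders.split(/\r?\n/)) {
    const m = /^x-frame-options\s*:(.*)$/i.exec(line);
    if (!m) continue;
    // A repeated header and one comma-joined header carry the same list.
    for (const t of m[1].split(',')) {
      if (t.trim()) tokens.push(t.trim().toLowerCase());
    }
  }
  const distinct = [...new Set(tokens)];
  const findings = [];
  let policy = 'none';
  if (distinct.length === 0) {
    findings.push('no X-Frame-Options header in the response');
  } else if (distinct.length > 1) {
    policy = 'conflict';
    findings.push('conflicting values: ' + distinct.join(', '));
  } else if (distinct[0] === 'deny' || distinct[0] === 'sameorigin') {
    policy = distinct[0];
  } else if (distinct[0].startsWith('allow-from')) {
    findings.push('ALLOW-FROM is not honoured by current browsers');
  } else {
    findings.push('unrecognised value: ' + distinct[0]);
  }
  if (tokens.length > distinct.length) {
    findings.push('same value sent more than once (set at two layers?)');
  }
  return { policy, findings };
}

// Constructed sample responses (not captured from a real server).
const H = 'HTTP/1.1 200 OK\r\n';
const SAMPLES = {
  phpOnly: H + 'X-Frame-Options: Deny\r\n',
  // PHP header() and Nginx add_header both active on the same response.
  phpPlusNginx: H + 'X-Frame-Options: Deny\r\nX-Frame-Options: SAMEORIGIN\r\n',
  // Apache "Header always append" applied when the header was already set.
  appendedTwice: H + 'X-Frame-Options: SAMEORIGIN, SAMEORIGIN\r\n',
  allowFrom: H + 'X-Frame-Options: ALLOW-FROM https://partner.example\r\n',
  // A page relying only on the <meta> tag sends no header at all.
  metaTagOnly: H + 'Content-Type: text/html\r\n',
};
for (const [name, raw] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(auditXFrameOptions(raw)));
}
```

A result of `conflict` or a "sent more than once" finding means the header is being set in more than one place and should be emitted from a single layer.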
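JS method
Many people use this approach, because server-side settings sometimes cause problems.
// Check 1: this window is embedded in an <iframe> element
if (self.frameElement && self.frameElement.tagName == "IFRAME") {
top.location.href=self.location.href;
}
// Check 2: this window and its parent report a different number of child frames
if (window.frames.length != parent.frames.length) {
top.location.href=self.location.href;
}
// Check 3: this window is not the top-level window
if (self != top) {
top.location.href=self.location.href;
}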
Meta tag method
<meta http-equiv="X-FRAME-OPTIONS" content="DENY">
CSS method: prohibit other iframes and allow your own
<style type="text/css">
iframe{v:expression(this.src='about:blank',this.outerHTML='');}
#mine{v:expression() !important}
</style>
<body>
Content:
<iframe src="http://www.baidu.com"></iframe>Baidu
<iframe src="http://www.126.com/"></iframe>126 Mailbox
<iframe src="http://www.163.com"></iframe>NetEase
<p>The above 3 iframes are not allowed</p>
<p>The google iframe is what I want.</p>
<p><iframe id="mine" name="myfirame" src="http://www.google.com/" width=800 height=400></iframe></p>
References:
https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options?redirectlocale=en-US&redirectslug=The_X-FRAME-OPTIONS_response_header