Methods to Prohibit Web Pages from being Referenced by iframe in PHP Nginx Apache

  • 2021-06-28 11:59:19
  • OfStack

You can use PHP or Nginx to add the X-Frame-Options response header, which controls whether a page may be loaded in a frame.
X-Frame-Options has three optional values:

DENY: the browser refuses to load the current page in any frame
SAMEORIGIN: the page can only be framed by pages under the same domain name
ALLOW-FROM: followed by the address of a page that is allowed to load this page in a frame (obsolete; current browsers ignore it)

PHP code:

header('X-Frame-Options: DENY');

Nginx Configuration:

add_header X-Frame-Options SAMEORIGIN;

It can be added to a location block:

location /
{
    add_header X-Frame-Options SAMEORIGIN;
}

Apache Configuration:

Header always append X-Frame-Options SAMEORIGIN

Once the header is in place, a page that does not allow framing is displayed as a blank page inside the frame.

IIS method

Add in the web.config file


<system.webServer>
  ...
  <httpProtocol>
  <customHeaders>
  <add name="X-Frame-Options" value="SAMEORIGIN" />
  </customHeaders>
  </httpProtocol>
  ...
</system.webServer>

JS method

Many sites use this method, because the server-side settings sometimes cause problems.


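// The page is the content of an <iframe> element: load it in the top window instead.
if (self.frameElement && self.frameElement.tagName == "IFRAME") {
  top.location.href = self.location.href;
}
// The frame count differs from the parent's, so the page is nested inside another page.
if (window.frames.length != parent.frames.length) {
  top.location.href = self.location.href;
}
// The page is not the top-level window.
if (self != top) {
  top.location.href = self.location.href;
}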

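Meta tag method

<meta http-equiv="X-FRAME-OPTIONS" content="DENY">

Note that browsers only honour X-Frame-Options when it is sent as an HTTP response header; set through a meta tag it has no effect, so do not rely on this method alone.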
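To confirm that the PHP, Nginx, Apache or IIS setting above actually reaches the browser, the response can be checked as in the following added example (not code from the original article). The function name `auditFraming`, its result fields and the sample responses are assumptions made for illustration.

```javascript
// Added example: audit the framing policy a response actually delivers.
// headers: array of [name, value] pairs as received; body: the HTML text.
function auditFraming(headers, body = "") {
  const findings = [];
  // Header names are case-insensitive. A value may be a comma-separated list,
  // and a server can emit the header more than once.
  const values = headers
    .filter(([name]) => name.trim().toLowerCase() === "x-frame-options")
    .flatMap(([, value]) => value.split(","))
    .map((v) => v.trim().toLowerCase())
    .filter((v) => v !== "");
  const distinct = [...new Set(values)];

  let policy;
  if (distinct.length === 0) {
    policy = "none";
    findings.push("no X-Frame-Options response header");
  } else if (distinct.length > 1) {
    policy = "conflict";
    findings.push("conflicting values: " + distinct.join(", "));
  } else if (distinct[0] === "deny" || distinct[0] === "sameorigin") {
    policy = distinct[0];
    if (values.length > 1) findings.push("value repeated " + values.length + " times");
  } else if (distinct[0].startsWith("allow-from")) {
    policy = "unsupported";
    findings.push("ALLOW-FROM is obsolete and ignored by current browsers");
  } else {
    policy = "invalid";
    findings.push("unrecognized value: " + distinct[0]);
  }
  // The header delivered through a <meta> tag is not honoured by browsers.
  if (/<\s*meta[^>]*http-equiv\s*=\s*["']?x-frame-options/i.test(body)) {
    findings.push("X-Frame-Options in <meta> has no effect");
  }
  // ok: exactly one supported value (DENY or SAMEORIGIN) was sent as a header.
  return { policy, ok: policy === "deny" || policy === "sameorigin", findings };
}

// Constructed sample responses (not captured from real servers).
const samples = [
  [[["X-Frame-Options", "SAMEORIGIN"]], ""],
  [[["x-frame-options", "Deny"], ["X-Frame-Options", "SAMEORIGIN"]], ""],
  [[["Content-Type", "text/html"]], '<meta http-equiv="X-FRAME-OPTIONS" content="DENY">'],
];
for (const [headers, body] of samples) {
  console.log(JSON.stringify(auditFraming(headers, body)));
}
```

A result of `conflict` or `value repeated` usually means the header is being set in more than one place, for example in both the PHP code and the web server configuration.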

CSS method: block other iframes on the page and allow only your own

This relies on CSS expression(), which only works in old versions of Internet Explorer.

<style type="text/css">
iframe{v:expression(this.src='about:blank',this.outerHTML='');}
#mine{v:expression() !important}
</style>
<body>
Content:
<iframe src="http://www.baidu.com"></iframe> Baidu
<iframe src="http://www.126.com/"></iframe> 126 Mailbox
<iframe src="http://www.163.com"></iframe> NetEase
<p>The above 3 iframes are not allowed</p>
<p>The google iframe is what I want.</p>
<p><iframe id="mine" name="myfirame" src="http://www.google.com/" width=800 height=400></iframe></p>
</body>

Reference resources:

https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options?redirectlocale=en-US&redirectslug=The_X-FRAME-OPTIONS_response_header

