Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Allow only certain domains being able to load an iFrame

I'm building some widgets for a charity. Due to some logo licensing malarkey, I've got to find some way of only allowing white-listed sites from running the code, or to send a error message (or something like that) rather than the widget.

We've got to use iFrames as a fair few sites have already embedded them. Ideally, a PHP solution would be best, but JS is ok if needs be.

So, the one liner; Can I check the domain the iFrame is sitting in and send it different content?

I wonder what the chances are of being able to do this...

like image 460
PaulAdamDavis Avatar asked May 06 '10 13:05

PaulAdamDavis


1 Answers

You can use the HTTP_REFERER header.

<?php

$allowed_domains = array(
        'a-good-domain.com',
        'another-nice-one.org',
        );

$allowed = false;
foreach ($allowed_domains as $a) {
    if (preg_match("@https?://$a/.*@", $_SERVER['HTTP_REFERER'])) {
        $allowed = true;
    } 
}

if ($allowed) 
    echo "Nice domain";
else
    echo "Ugly domain";
like image 145
Johan Avatar answered Oct 09 '22 08:10

Johan