Detect if a given page is opened within an IFRAME

5

I wonder if you can detect the following situation:

  • We have an intranet (from a directory) that is loaded through a given address: http://intr.abcdabcd.abc.br

  • We have a global INTRANET; within the first page of the global intranet, the DIRECTORY intranet is loaded into an IFRAME (so the SRC attribute of this IFRAME is "http://intr.abcdabcd.abc.br").

  • Question: is it possible, inside the page that responds at the address "http://intr.abcdabcd.abc.br", to detect that I "am being" opened within an IFRAME?

    Objective: if I detect that I am being opened within an IFRAME, adjust the presentation.

    Sincerely,

        
    asked by anonymous 25.01.2016 / 17:25

    3 answers

    4

    You can try to access window.frameElement; if frameElement is null, it's because you're not within an iframe.

        
    25.01.2016 / 17:33
    4

    Yes, you can do it as I explained in "JavaScript - Difference between this and self"; then, inside the page that may be loaded inside the iframe, add this:

    if (window.top !== window.self) {
        alert('Esta página foi provavelmente chamada dentro de um iframe');
    } else {
        alert('Esta página foi aberta diretamente na aba/janela');
    }
    

    What each property does:

    • window.self returns the current window object

    • window.top returns the topmost window object; for example, if a page has an iframe named #frame1 and this iframe has another iframe named #frame2, then using window.top in #frame2 will return the window object of the page that embedded #frame1

    You may also want to check whether the domain is the same as your own domain, so that the function does not fire in that case, for example:

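    var embeddedByOtherDomain;
    try {
        // Reading top.location.host throws a SecurityError when the top page is on another origin
        embeddedByOtherDomain = window.top.location.host !== window.location.host;
    } catch (e) {
        embeddedByOtherDomain = true;
    }
    if (embeddedByOtherDomain) {
        alert('Sua página foi embarcada por um dominio diferente');
    } else if (window.top !== window.self) {
        alert('sua página foi provavelmente embarcada por uma página do mesmo dominio');
    } else {
        alert('Esta página foi aberta diretamente na aba/janela');
    }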
    

    Redirecting

    If you want to redirect to your own site you can use .location = ... or .location.replace(...); the difference between them is that location.replace will replace the current page, so the page that had the iframe does not remain in the back and forward history, which may be more interesting, e.g.:

    if (window.top !== window.self) {
        alert('Este site não permite enquadramentos (frame), você esta sendo redirecionado'); // Optional message
        window.top.location.replace(window.self.location.href);
    }
    

    X-Frame-Options

    However, one interesting thing you can use to prevent embedding (if that's what you want) is the X-Frame-Options header, which can be added server-side or even via .htaccess, web.config, etc. There are 3 possible values:

    • X-Frame-Options: DENY

      Prevents embedding via frame or iframe from any site, even the site itself

    • X-Frame-Options: SAMEORIGIN

      Prevents sites on domains other than your own from loading your page(s), but if it is the same domain then embedding is allowed

    • X-Frame-Options: ALLOW-FROM https://sitepermitido.com/

      Allows a specific site to load your page(s).

    Examples with SAMEORIGIN :

    • .htaccess :

      Header add X-Frame-Options "SAMEORIGIN"
      
    • web.config (the ... indicates that you can add more settings):

      <?xml version="1.0" encoding="utf-8"?>
      <configuration>
          <system.webServer>
             <httpProtocol>
                  <customHeaders>
                      <add name="X-Frame-Options" value="SAMEORIGIN" />
                      ...
                  </customHeaders>
              </httpProtocol>
              ...
          </system.webServer>
      </configuration>
      
    • nginx.conf :

      location pasta_especifica {
           add_header X-Frame-Options SAMEORIGIN;      
      }
      
    • PHP :

      <?php
      header('X-Frame-Options: SAMEORIGIN');
      
    • asp.net (in C#, I think it's not much different if written in vb.net)

      Response.AppendHeader("X-Frame-Options", "SAMEORIGIN");
      
    19.05.2017 / 17:12
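
As an added example (not part of the answers on this page or of any project's code), the following JavaScript evaluates the framing headers from the X-Frame-Options answer the way current browsers treat them. It goes one step beyond that answer by also reading the CSP `frame-ancestors` directive, because current browsers ignore `ALLOW-FROM`. The function names, the single-level framing model and `https://other.example` are assumptions made for illustration.

```javascript
// Added example: would a browser let `embedderOrigin` frame a response from
// `pageOrigin`, given the response headers? Assumptions: one level of framing,
// one X-Frame-Options value, and frame-ancestors sources limited to 'none',
// 'self', '*' and exact origins (no wildcard hosts or scheme-only sources).

function frameAncestors(csp) {
  // Return the source list of the frame-ancestors directive, or null if absent.
  for (const directive of (csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

function framingDecision(headers, pageOrigin, embedderOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;

  const sources = frameAncestors(h['content-security-policy']);
  if (sources !== null) {
    // When frame-ancestors is present it is enforced and X-Frame-Options is ignored.
    const allowed = sources.some((s) => {
      if (s === '*') return true;
      if (s.toLowerCase() === "'self'") return embedderOrigin === pageOrigin;
      return s.replace(/\/+$/, '').toLowerCase() === embedderOrigin.toLowerCase();
    });
    return { allowed, decidedBy: 'frame-ancestors' };
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { allowed: false, decidedBy: 'X-Frame-Options' };
  if (xfo === 'SAMEORIGIN') {
    return { allowed: embedderOrigin === pageOrigin, decidedBy: 'X-Frame-Options' };
  }
  // No header, or a value browsers do not honour (ALLOW-FROM is obsolete and
  // ignored by current browsers): the page can be framed by anyone.
  return { allowed: true, decidedBy: xfo ? 'ignored X-Frame-Options value' : 'none' };
}

// Constructed sample: the page from the question, framed by three embedders.
const PAGE = 'http://intr.abcdabcd.abc.br';
const legacy = { 'X-Frame-Options': 'ALLOW-FROM https://sitepermitido.com/' };
const modern = { 'Content-Security-Policy': "frame-ancestors 'self' https://sitepermitido.com" };
for (const embedder of [PAGE, 'https://sitepermitido.com', 'https://other.example']) {
  console.log(embedder, framingDecision(legacy, PAGE, embedder).allowed,
    framingDecision(modern, PAGE, embedder).allowed);
}
```

With the `ALLOW-FROM` header every embedder is allowed, while the `frame-ancestors` policy admits only the page's own origin and the one listed site.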
    0

    I believe you can use the parent property (a reference to the parent of the current window or subframe), and even be more specific, such as getting the address of the window that contains the iframe.

    parent.location.href
    

    For more information you can use the link below.

    link

        
    25.01.2016 / 19:41