Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How to limit access of external url iframe to a specific parent url

Posted on 2010-11-10
9
Medium Priority
?
1,712 Views
Last Modified: 2012-05-10
Hello

Is it possible to determine the url of the opening parent for an external url iframe.

We want to only allow the iframe to be populates from within a specific site.

cheers
stu
0
Comment
Question by:stucal
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 12

Expert Comment

by:pigmentarts
ID: 34101868
Not that I know of from within the iFrame, however you could easly just post the URL into the iframe
for example


<cfset parent = #cgi.server_name##cgi.script_name#?#cgi.query_string#>

<iframe src ="index.cfm?parentURL=#parent#" >

</iframe>

Open in new window

0
 

Author Comment

by:stucal
ID: 34102280
That wont really help we are trying in effect to secure the execution of the iframe content to one site, this would allow running from anywhere as the parent is avaiabale in the source of the parent site.

I suppose it cant be done.
0
 
LVL 12

Accepted Solution

by:
pigmentarts earned 750 total points
ID: 34103168
if you have access to the page with the iframe on then it's a simply process of detecting the page and choosing to not show the contents of the iframe (but the iframe will still be loaded).

However if you only have the iframe and don't have access nor know who the parent page is, then its already executed by the time the iframe loads, and you would need JavaScript. It 100% doable in JS

you can tell if you are being framed with javascript.  for example within your iframe you could get the parent url

parent.location.href


0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:stucal
ID: 34103563
The iframe is on an external domain, will parent.location.href show the calling domain even if its differnt to the iframe source?
0
 
LVL 12

Expert Comment

by:pigmentarts
ID: 34104004
It should do, it will be called client side
0
 
LVL 20

Expert Comment

by:Proculopsis
ID: 34135616

I'm not sure if I've got this right but surely all you need to do is validate #CGI.HTTP_REFERER# within the iframe cfm and make sure the domain is approved.
0
 
LVL 12

Expert Comment

by:pigmentarts
ID: 34137343
Have not tried it in an iframe, my guess is that it would not work as it's called within the iframe.

I perosnally keep away from CGI.HTTP_REFERER not all clients will send the refering address and you will block genuine users who have set high seurity setting or have a firewall like Zone Alarm running etc.
0
 
LVL 4

Expert Comment

by:docnica
ID: 34170778
why not putting the iframe inside a cfif? I don´t really undestand what your are trying to do. I recently had to pass a PCI certification so we had to deal with a lot of issues like that, if you explain more I may be able to help.
0
 

Author Closing Comment

by:stucal
ID: 34316698
We did not go for an iframe in the end, but this seemed to be the most likely solution
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hi, Even though I have created this Tutorial on My personal Blog, Some people might not able to find my website, So here i am posting it again Today, from the topic it is very clear that i will be showing you here the very basic usage of how we …
Today, the web development industry is booming, and many people consider it to be their vocation. The question you may be asking yourself is – how do I become a web developer?
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question