Skip to content Skip to sidebar Skip to footer
Home / Embed / Google Chrome Extension / Iframe / Javascript / Jquery

Checking If A Website Doesn't Permit Iframe Embed

Post a Comment
I am writing a simple lightbox-like plugin for my app, and I need to embed an iframe that is linked to an arbitrary page. The problem is, many web sites (for example, facebook, nyt

Solution 1:

Check x-frame-options header by using following code

$url = "http://stackoverflow.com";
$header = get_headers($url, 1);
echo $header["X-Frame-Options"];

If return value DENY, SAMEORIGIN or ALLOW-FROM then you can't use iframe with that url.


Solution 2:

Probably pretty late but what you need to do is make a request, likely from your server and look for the x-frame-options header. If it's there at all you can just open a new tab because if it is there is is one of the following: DENY, SAMEORIGIN, ALLOW-FROM. In any of these cases it's likely that you don't have access to open it in an iframe.


Solution 3:

This subject has been discussed forever on the web with a particularly interesting (failed) attempt here:

Frame Buster Buster ... buster code needed

The bottom line is that even if you are able to construct a proxy that parses the contents of the page that you want in your iframe and removes the offending code before it is served to the iframe you may still come under "cease and desist" from the site if they get to hear about you doing it.

If you don't want your development to be widely available, you could probably get away with it. If you want your development to become popular, forget about it, and build a less underhand way of dealing with it.

Or develop it for mobile only... ;)

UPDATE: OK following on from your comment here's a bit of taster:

in javascript capture the click on the link 

$("a").click(function(e){

    preventDefault(e); // make sure the click doesn't happen

    // call a server side script using ajax and pass the URL this.href
    // return either a true or false; true = iframe breakout
    // set the target attribute of the link to "_blank" for new window (if true)
    // set the target attribute of the link to "yourframename" for iframe (if false)
    // only now load the page in the new window or iframe
});

server side in PHP

$d = file_get_contents($url); // $url is the url your sent from the browser
// now parse $d to find .top .parent etc... in the <head></head> block
// return true or false

You may like these posts

Post a Comment for "Checking If A Website Doesn't Permit Iframe Embed"