I did a web app recently, my surprise! I saw it as a mobile app on someone's phone which is quite functioning very well, The person only knew the URL and nothing else.FIrstly, I thought it could be Iframe that the person used so I tried to prevent the site from being loaded in an iframe but it is still showing on that mobile app. Please what can I do?

CodePudding user response：

I hope this has convinced you to switch over to using iframes whenever adding untrusted content to your site. If set up properly, they provide the best protective separation between your content and third-party content, especially on new browsers that support sandboxing. Iframes are here to stay. Have any questions or other ideas about embedding third-party content? Sound off in the Hacker News comments.

Details log on: https://www.synopsys.com/blogs/software-security/protect-your-website-with-iframes/

CodePudding user response：

AFAIK, if the webapp has the right properties and manifest, then, by design it can be run as a mobile app. Once such an app is running on a browser on the mobile, the browser displays a button to save/install it. Once saved, an icon shows up on the screen and it runs like an app. And it can also auto-update to the new version.

Therefore, one way to prevent this (I don't know why you would want to), is to write code in the app to detect what it is running on, and refuse to run on a mobile.