How to only allow access thru an IFRAME

Time:12-12

I noticed the other day that Stack Overflow blocks HTTP requests from an IFRAME:

<IFRAME src="https://stackoverflow.com">
</IFRAME>

My question is: Where in the HTTP request header does it get the information that the request is coming from an IFRAME? I am actually interested in doing the opposite: Only accessible from an IFRAME while not accessible directly.

FYI: I have experience creating CORS/.htaccess policies (using Apache) and I can believe that the answer could easily be related to this. Again, what would I need to do to block direct requests but accept those from IFRAMEs?

CodePudding user response:

@f_puras's comment led me to the content-security-policy frame-ancestors directive, the newer way to control frame content (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors)
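The frame-ancestors directive from the answer, combined with a check on the browser-set Sec-Fetch-Dest request header (the header that tells a server a navigation came from an iframe), as an added example that is not part of the original post. The parent origin, function names and response bodies are assumptions for illustration, and the Sec-Fetch-Dest check goes beyond what the answer mentions.

```javascript
// Added example: answer a request for a page that should render only inside
// an iframe hosted by approved parent origins.
// ALLOWED_PARENTS is a constructed placeholder list, not from the original page.
const ALLOWED_PARENTS = ["https://portal.example"];

// Build the Content-Security-Policy value the answer refers to. The browser
// enforces it: framing by any origin not listed is refused. On its own it
// does NOT stop someone from opening the URL directly in a tab.
function frameAncestorsPolicy(parents) {
  for (const p of parents) {
    const u = new URL(p); // throws on malformed input
    // Reject paths, queries or trailing slashes so only bare origins are listed.
    if (u.origin !== p) throw new Error(`not a bare origin: ${p}`);
  }
  return parents.length
    ? `frame-ancestors ${parents.join(" ")}`
    : "frame-ancestors 'none'";
}

// Sec-Fetch-Dest is a Fetch Metadata request header set by the browser:
// "iframe" for a framed navigation, "document" for a direct one.
// Non-browser clients can send any value, so this steers browsers and is
// not a substitute for authentication.
// Assumes header names are already lowercased, as in Node's req.headers.
function decide(requestHeaders, parents = ALLOWED_PARENTS) {
  const headers = { "Content-Security-Policy": frameAncestorsPolicy(parents) };
  const dest = (requestHeaders["sec-fetch-dest"] || "").toLowerCase();
  if (dest !== "iframe") {
    // Direct navigation, or a client that sends no Fetch Metadata: refuse.
    return { status: 403, headers, body: "This page is only available embedded." };
  }
  return { status: 200, headers, body: "<p>embedded content</p>" };
}
```

The two checks cover different cases: Sec-Fetch-Dest rejects direct visits, while frame-ancestors makes the browser refuse to render the page inside a frame on any origin outside the list.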
