I embedded a Shiny application with an iframe in my website, and I am now trying to protect my Shiny application : I want the iframe to be reachable only in my website, not directly with its URL.

  <iframe name="rshiny" 
    src="http://url-of-my-shiny-app/" style="border: none; width: 100%;height:800px;">
  </iframe>  

To do that, I am trying to get the URL of the parent which contains the iframe inside of my Shiny-app, and block it whether it's not the good website.

The problem is : I found how to get the URL parent in many languages but R. Does anyone know how I could do it ?

I had another possible solution, which doesn't work for the moment :

postForm('http://url.php', .params = params, curl = curl, style="POST")

I thought I could send a post variable from my website to my R application, like a key, to give the access only to the websites who know the key. But I can't make it work.

EDIT : I think this question is different from the link suggested in the comments. Indeed, the suggested option doesn't seem to be usable in R Shiny.

I found a solution !

Over here, you can find a way to get the "GET" variables in your shiny app. https://github.com/brianbolt/rShinyApps/tree/master/getParameters.shiny . In my PHP code, I calculate a md5 password, which depends on the date, to make it change everyday, and I use it as a GET parameter in my iframe :

<iframe name="rshiny" 
    src="youradress?bins=<?php echo $md5password;?">
  </iframe>  

From that point, I can use it directly inside of my code (see input$n_breaks in the code I shared). I create a reactive function in my server.R, which calculates the same md5 password.

In the end, we compare it to the password given in the parameters. If it's the same, we open the plots, read the data... Otherwise, we just stop the process.