Prevent iframe stealing

2020-01-31 03:41发布

站内问答 / PHP
1094 6 4

I think someone is stealing my content using an iframe. My website is a forum and a user has just reported them to me.

How can I find their website programmatically (php,JavaScript,jQuery,HTML) if their are others doing this?

Is this allowed on the internet for them to do this and can I take action?

6条回答
时光不老,我们不散
2楼-- · 2020-01-31 03:58

With JavaScript you can do 

if(window.top==window){
 //not inside iframe
} else {
    if(parent.parent.someFunction){
       parent.parent.someFunction();
    } else {
       alert("framing is not allowed")
    }
}

OR

if (window.top !== window.self) window.top.location.replace(window.self.location.href);

Some modern browsers also support the X-FRAME-OPTIONS header, that can have two values:

* DENY – prevents the page from being rendered if it is contained in a frame
* SAMEORIGIN – same as above, unless the page belongs to the same domain as the top-level frameset holder.

Browsers that support the header:

* IE8 and IE9
* Opera 10.50
* Safari 4
* Chrome 4.1.249.1042
* Firefox with NoScript
查看更多
0人赞 添加讨论(0) 举报
啃猪蹄的小仙女
3楼-- · 2020-01-31 04:03

If you can find out who it is you can tell them they can't use your content in that way. If you own website you can dictate how it can be used.

Have a look at framkillers : http://en.wikipedia.org/wiki/Framekiller

This is a technique to stop sites from being shown in iframes. Keep in mind that even framekillers can be killed.

查看更多
0人赞 添加讨论(0) 举报
何必那么认真
4楼-- · 2020-01-31 04:15

You can prevent other websites from framing your data using a Content Security Policy header e.g. frame-ancestors 'none'; will block every website from embedding your content in an iframe on their site https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors

查看更多
0人赞 添加讨论(0) 举报
别忘想泡老子
5楼-- · 2020-01-31 04:19

Use the same method that I suggested here: How to limit display of iframe from an external site to specific domains only

In a nut shell, you add a PHP script in every page (in your case it will probably be just one, assuming it is a template), this script limits the viewing to one (or more) reffering domains.

This method is better than a javascript method because the users might have it disabled.

查看更多
0人赞 添加讨论(0) 举报
叛逆
6楼-- · 2020-01-31 04:21

HTTP access can be blocked to some extend by using an HTTP Referer filter. Access "by host server" can also be monitored through looking at the Referer in the HTTP logs. It's not a perfect solution, but for standard browser access will get you most of the way there. ("No Hot-Linking" setups sometimes work like this.)

For legal action, seek the advice of a lawyer :-) However, my first inclination would be to ask the other site owners to stop. They may just be nice.

查看更多
0人赞 添加讨论(0) 举报
相关推荐>>
7楼-- · 2020-01-31 04:21

you can use this js code in top of your website (header page)

if (window.top !== window.self) window.top.location.replace(window.self.location.href);
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)