How to prevent my site page from being loaded into

2020-05-28 11:42发布

站内问答 / JavaScript
871 3 5

We have many gaming websites, among them I am hosting exclusive games on my server, and i don't want to access my games to other websites from my server. I want to restrict them accessing my content from my server.

For Example, assume I am having a website called www.abc.com, at source path like www.abc.com/games/abcgame.swf in which I have hosted my exclusive games. As I want other website holders not to access this content. If they steal this url and trying to access then I want to show some custom message like “Game not found” or somthig like “Please visit www.abc.com to play this game.” etc.

Can anyone having any ideas to implement this feature?

3条回答
看我几分像从前
2楼-- · 2020-05-28 11:55

Doing this via JavaScript is limited in how it will restrict the content to the browser level. You might be better off Apache mod_rewrite to more effectively block content on a server level as explained here.

For example, this code you could place in an .htaccess file if your server supports it. I am using www.abc.com as an example & matching swf & fla files as an example:

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?abc.com/.*$ [NC]
RewriteRule ^.*\.(swf|fla)$ - [F]
查看更多
0人赞 添加讨论(0) 举报
再贱就再见
3楼-- · 2020-05-28 12:04 
if (window.top != window.self) {
                window.top.location = window.self.location;
            }

It first checks that the top most frame is the frame itself or not if it is not it changes the top level frame to this one. it is javascript.

查看更多
0人赞 添加讨论(0) 举报
别忘想泡老子
4楼-- · 2020-05-28 12:08

A first solution is to use X-Frame-Options header to prevent loading your page to an iframe. X-Frame-Options can specify one of two values: SAMEORIGIN, which only allows iframes from the same origin to display this content, and deny, which prevents any iframe from doing so. BUT this header is not part of HTTP specification and was introduced by Microsoft, so not all browsers support this header. An example of X-Frame-Options:

X-Frame-Options: SAMEORIGIN

In case some old browsers don't support the X-Frame-Options header. You could try a technique called FrameKiller. There are limitations, though, as pointed out in that link.

The user agent does not support JavaScript.

The user agent supports JavaScript but the user has turned support off.

The user agent's JavaScript support is flawed or partially implemented.

The idea is to use javascript to detect whether your page is loaded into an iframe. There are many ways to implement a frame killer script.

For your requirement, you could implement a frame killer script like this: try to access your parent window to read the window.location. If they include your page inside their iframe, the code would throw exception (cross-domain)

Example code:

window.onload = function(){
   try
   {
       if (window.parent && window.parent.location.hostname !== "www.abc.com"){
          throw new Error();
       }
   }
   catch (e){
      alert("Please visit www.abc.com to play this game.");
      //You could do whatever you want here
   }
}
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)