Catching "Display forbidden by X-Frame-Options” [d

2019-02-18 01:01发布

站内问答 / JavaScript
692 1 4

This question already has an answer here:

I understand that this error can not be overcome.

But what I would like to do is that when I encounter a page that can't be embed instead the page simply loads as a pop up. What is currently happening is that I am being redirected to the page.

I see the following error in chrome for pages that are unable to be embedded. 

 Refused to display 'http://www.nokia.com/us-en/' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'

1条回答
来,给爷笑一个
2楼-- · 2019-02-18 02:00

Here is a link to a similar answer that provides a PHP script to check the headers: Detect X-Frame-Options

You can modify it so that it takes a GET variable as such:

$error=false;
$urlhere=$_GET["url"];
$ch = curl_init();

$options = array(
        CURLOPT_URL            => $urlhere,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HEADER         => true,
        CURLOPT_FOLLOWLOCATION => true,
        CURLOPT_ENCODING       => "",
        CURLOPT_AUTOREFERER    => true,
        CURLOPT_CONNECTTIMEOUT => 120,
        CURLOPT_TIMEOUT        => 120,
        CURLOPT_MAXREDIRS      => 10,
);
curl_setopt_array($ch, $options);
$response = curl_exec($ch);
$httpCode = curl_getinfo($ch);
$headers=substr($response, 0, $httpCode['header_size']);
if(strpos($headers, 'X-Frame-Options: deny')>-1||strpos($headers, 'X-Frame-Options: SAMEORIGIN')>-1) {
        $error=true;
}
$httpcode= curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
echo json_encode(array('httpcode'=>$httpcode, 'error'=>$error));

Then use an ajax request to test each url

$.getJSON("/path/to/script.php?url="+url_variable, function (data) {
   if (data.error) { 
      // code to display pop-up
   } else { 
      // code to display iframe
   }
});
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)