当前位置:theitroad>Javascript 在PHP中获取iframe的父url

Javascript 在PHP中获取iframe的父url

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/3724969/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-08-23 05:52:55  来源:igfitidea点击:

get the parent url of iframe in PHP

javascriptphpurliframeparent

提问by Alaa

I am creating a widget that would load in a IFrame and users will be able to place the widget on their own website. How would I get the URL of the website that is using the IFrame in javascript and/or PHP? The IFrame loads a php file.

我正在创建一个可以加载到 IFrame 中的小部件,用户将能够将小部件放置在他们自己的网站上。我如何获取在 javascript 和/或 PHP 中使用 IFrame 的网站的 URL?IFrame 加载一个 php 文件。

I have tried "parent.top.location.href" and "parent.document.referrer" in the IFrame page but that is undefined.

我在 IFrame 页面中尝试过“parent.top.location.href”和“parent.document.referrer”,但未定义。

I have also tried to echo "$_Server[referrer]" in the IFrame page and that did return the IFrame parent URL, but how easy is it for someone to manipulate the referrer variable? I dont want to get misleading information. The Goal: I created a widget and want to allow registered users to use that widget on their site. I want to be able to find out who is using the widget and if a un-registered user is using it on their site, then the widget would not display

我还尝试在 IFrame 页面中回显 "$_Server[referrer]" 并且确实返回了 IFrame 父 URL,但是有人操作引用变量有多容易?我不想得到误导性信息。目标:我创建了一个小部件,并希望允许注册用户在他们的网站上使用该小部件。我希望能够找出谁在使用小部件,如果未注册的用户在他们的网站上使用它,那么小部件将不会显示

采纳答案by mck89

Try with:

尝试:

parent.location.href;

or

或者

parent.document.URL

回答by jensgram

I have also tried to echo "$_Server[referrer]" in the IFrame page and that did return the IFrame parent URL, but how easy is it for someone to manipulate the referrer variable?

我还尝试在 IFrame 页面中回显 "$_Server[referrer]" 并且确实返回了 IFrame 父 URL,但是有人操作引用变量有多容易?

Pretty easy, but so is disabling JavaScript! However, if a web site uses your <iframe>it will be a little difficult for them to fake the referrer in theirvisitor's UA. (They could also proxy your content if they reallyinsist on hiding the fact that they're using your content. In that case your only choice is not to publish it in the first place.)

非常简单,但禁用 JavaScript 也是如此!但是,如果一个网站使用了您<iframe>这将是对他们有点难以伪造在引用他们的访问者的UA。(如果他们真的坚持隐藏他们正在使用您的内容的事实,他们也可以代理您的内容。在这种情况下,您唯一的选择是首先不发布它。)

In order to present content for "partners" only you could consider providing them with a token (like Twitter/Google/... APIs). If no (or an invalid) token is used, present an error. If a valid token is used but the referrer is suspicious you should investigate further.

为了仅向“合作伙伴”展示内容,您可以考虑向他们提供令牌(如 Twitter/Google/... API)。如果未使用(或无效)令牌,则显示错误。如果使用了有效令牌但引荐来源可疑,您应该进一步调查。

回答by Moamen Mostafa

You can use the following PHP code to have the parent window URL get values in an array:

您可以使用以下 PHP 代码让父窗口 URL 获取数组中的值:

  <?php
       //Getting the parent window parameters
        $getURLVar = str_replace("?","",strrchr($_SERVER['HTTP_REFERER'],"?"));
        $getURLVar = str_replace("&","=",$getURLVar);
        $getURLVar = str_getcsv($getURLVar,"=");
        $i=0;
        foreach ($getURLVar as $value)
          {
            if ($i % 2)
                $value1[$i]=$value;
            else
                $value2[$i]=$value;

            $i++;
          } 
        $getURLVar =array_combine($value2,$value1);


        print_r($getURLVar);
    ?>

回答by Jordan Brough

Assuming your widget's URL doesn't do any redirects, etc., you should be able to use:

假设您的小部件的 URL 不进行任何重定向等,您应该能够使用:

document.referrer

from within the javascript inside your iframe and it should contain the URL of the parent page. This seems to be what YouTube does for tracking in their iframe embed codes.

从 iframe 内的 javascript 中,它应该包含父页面的 URL。这似乎是 YouTube 在其 iframe 嵌入代码中进行跟踪的方式。

回答by David says reinstate Monica

A small piece of JavaScript in the iframe-d page can 'un-frame' the page:

iframe-d 页面中的一小段 JavaScript 可以“取消框架”页面:

if (top != self) {top.location.replace(self.location.href);}

Otherwise, as @mck89says: the iframe can access the URL of the parent page using the top.location.href.

否则,正如@mck89所说:iframe 可以使用top.location.href.

Further reading on the question How to prevent my site page to be loaded via 3rd party site frame of iframe.

进一步阅读如何防止我的网站页面通过 iframe 的 3rd 方网站框架加载的问题。

回答by user1123382

I would use:

我会用: 

$qStr = explode('?', $_SERVER['HTTP_REFERER']);        
$t= explode('&', $qStr[1]);
foreach ($t as $val)
{
    $a = explode('=', $val);
    $args[$a[0]]=$a[1];
}
// to check the arguments
print_r($args);
// to check the url
echo $qStr[0];

$args would contain my security token which would be checked by some hashing against the url

$args 将包含我的安全令牌,该令牌将通过对 url 的一些散列进行检查

相关推荐

如何使用 JavaScript 重新加载页面

如何使用 JavaScript 重新加载页面

Javascript 类型错误:$(...).carousel 不是函数

Javascript 类型错误:$(...).carousel 不是函数

Javascript 如何知道字符串以 jQuery 中的特定字符串开始/结束?

Javascript 如何知道字符串以 jQuery 中的特定字符串开始/结束?

Javascript 如何使用 __dirname 返回 1 个文件夹级别?

Javascript 如何使用 __dirname 返回 1 个文件夹级别?

相关推荐
最近更新
标签