科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

    最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客
    你的位置: 首页>programmer>javascript - Detect X-Frame-Options - Stack Overflow

    javascript - Detect X-Frame-Options - Stack Overflow

    programmeradmin3浏览0评论

    Is there a way to detect whether or not a page is allowed to load within an iframe?

    If a URL can not load within an iframe, I would like to let the user know that the URL they are submitting will not work on our site.

    I have tried to get the contents, but that doesn't work:

    $("iframe#data-url").on("load", function() {
    alert($(this).contents())
});

    I am not really sure where to go from here.

    Refused to display '/' in a frame because it set 'X-Frame-Options' to 'DENY'.

    Is there a way to detect X-Frame-Options?

    Is there a way to detect whether or not a page is allowed to load within an iframe?

    If a URL can not load within an iframe, I would like to let the user know that the URL they are submitting will not work on our site.

    I have tried to get the contents, but that doesn't work:

    $("iframe#data-url").on("load", function() {
    alert($(this).contents())
});

    I am not really sure where to go from here.

    Refused to display 'https://www.facebook./' in a frame because it set 'X-Frame-Options' to 'DENY'.

    Is there a way to detect X-Frame-Options?

    • javascript
    • iframe
    Share Improve this question asked Jan 21, 2014 at 16:13 Get Off My LawnGet Off My Lawn 36.3k46 gold badges197 silver badges374 bronze badges 1
    • 4 Not sure what the downvoter was upset about, seems like a perfectly valid question to me – Jamie Taylor Commented Jan 21, 2014 at 16:33
    Add a ment  | 

    1 Answer 1

    Reset to default 15

    Because your script and the target URL are on different domains, JavaScript's cross domain policy won't let you access the headers. I ran into the same problem a few months ago and ended up using JavaScript to send an AJAX request to a PHP file which could then parse the headers.

    This is what I had in the PHP file. This would then return the result in a JSON array. Let me know if it helps!

    $error=false;
$urlhere='http://facebook.';
$ch = curl_init();

$options = array(
        CURLOPT_URL            => $urlhere,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HEADER         => true,
        CURLOPT_FOLLOWLOCATION => true,
        CURLOPT_ENCODING       => "",
        CURLOPT_AUTOREFERER    => true,
        CURLOPT_CONNECTTIMEOUT => 120,
        CURLOPT_TIMEOUT        => 120,
        CURLOPT_MAXREDIRS      => 10,
);
curl_setopt_array($ch, $options);
$response = curl_exec($ch);
$httpCode = curl_getinfo($ch);
$headers=substr($response, 0, $httpCode['header_size']);
if(strpos($headers, 'X-Frame-Options: deny')>-1||strpos($headers, 'X-Frame-Options: SAMEORIGIN')>-1) {
        $error=true;
}
$httpcode= curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
echo json_encode(array('httpcode'=>$httpcode, 'error'=>$error));

    I know it's not an ideal response but it's all I could get to work with my project.

    Edit: As Bill stated below, if you change strpos() to stripos() you might get better results as it runs a case insensitive search instead.

    与本文相关的文章

    发布评论

    评论列表(0)

    1. 暂无评论