Possible Duplicate:
access parent url from iframe
I am currently have an iframe tag, e.g.:
<iframe src="www.mydomain.com/animation.html></iframe>
...and i want my client to embed this tag to render on their page , however i want to offer only some domain name list in my database to render this iframe, so how can i do. thanks
You can use parse_url. It help you to detect domain
Solution 1: You can do it by allowing their IP addresses and disallow all other IPs, just create .htaccess file and add following rules in it.
order deny,allow
deny from all
allow from 111.222.333.444
Solution 2: second way to apply restrictions is to use PHP file instead of a plane HTML file and add any kind of restriction in it, see code below
// animation.php
<?php
$allowed_domains = array(
'www.example-1.com',
'www.example-2.com',
'www.example-3.com',
);
if (in_array($_SERVER['SERVER_NAME'], $allowed_domains)) : ?>
Your I-frame content goes here!
<?php endif;?>
If you want to limit which sites can include your page inside an iframe, you could hand out unique tokens to each domain; the code for each domain would look like this:
<iframe src="http://mydomain.com/animation.html?token=absfqeqwe"></iframe>
This just puts up a small barrier, someone could simply copy it from one of your legit sites and then use it for themselves.
Personally I don't think this is doable.
A number of browsers support the x-frame-options header which is described here. This allows you to list acceptable domains that can frame your page.
Some other discussion here: Frame Buster Buster ... buster code needed