I am trying to do the following:
A parent (called A) is used to access iframe of another application (called B) within the same domain. I don't want the B to be accessed directly, only through parent A.
Content of example.com/parentA:
<iframe id="childB" src="http://example.com/childB"></iframe>
I've managed to redirect any URL from child B to parent A page with simple:
if (!window.frameElement) {
window.location = "http://example.com/parentA"
}
and store the URL within PHP variable (still in child B):
$redirect_to = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
Obviously, once redirected the variable is lost and I am stuck on always redirecting to /parentA/ with fixed src. My goal is the following:
<iframe id="childB" src="<?php if (isset($redirect_to)){ echo $redirect_to; }else{ echo 'http://example.com/childB'; } ?>"></iframe>
I've no idea how to store $redirect_to upon redirecting. Through a cookie? Is my approach viable in the least?
You can maintain a session storage variable(https://developer.mozilla.org/en-US/docs/Web/Guide/API/DOM/Storage) and delete it once work is done, this way you will access to the target path and at the same time maintain the security as well.