问题描述

我想在iframe中加载外部网站，如果这些网站中的任何一个使用了框架阻止程序，那么我想将用户重定向到错误页面.有一些建议的方法可以做到这一点:

I'd like to load external websites within an iframe, and if any of those sites employ the use of a frame blocker then I'd like to redirect the user to an error page. There have been a few proposed methods of doing this:

• 等待上载超时
• 查看iframe src html加载后的内容是否为空"
• 尝试捕获错误
• 维护黑名单"网址的数据库

到目前为止，令人沮丧的是，我对最后一个项目的运气最大.由于以下原因，其他方法无效:

So far, depressingly, I've had the most luck with the last item. The other methods aren't working for the following reasons:

• 等待上载超时:
  即使使用雇用框架杀手的网站也会触发
  • onload事件.例如，如果我尝试访问www.google.com，它将仅加载空的html结构.
  • waiting for an onload timeout:
    • onload events fire even with websites that employ frame killers. For example, if I try to access www.google.com, it'll just load empty html structure.
    • 由于相同的原始政策，您无法访问iframe的外部src内容.
    • 据我了解，我只能找到与本地JS代码产生的错误有关的错误处理函数，而与"Refused to display <URL> in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'/'DENY'"之类的错误无​​关.
    • To my understanding I can only find error handling functions that pertain to errors stemming from your local JS code, and nothing related to errors like "Refused to display <URL> in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'/'DENY'".
    • 这显然是一个糟糕的解决方案，它不全面，而且哈哈.

    也许我误解了其中一种方法.我缺少这里的解决方案吗?对于上下文，我主要在JS + jQuery中进行此操作.

    Maybe I'm misunderstanding one of these methods. Is there a solution here I'm missing? For context I am doing this mainly in JS + jQuery.

    推荐答案

    我有一个临时修复程序，按照@charlietfl的建议使用标头信息，尽管它并不完美，正如您可以在测试"部分看到的那样，并非所有站点都列出了x标头中包含-frame选项.

    I have a temporary fix that uses header information as @charlietfl suggested, though it's not perfect, as you can see under the tests section, not all sites list x-frame options in their headers.

    <?php
    
    // checkXFO
    // checks x-frame options
    // $headers: an array of headers
    // returns: nothing
    function checkXFO($headers){
        if($headers['X-Frame-Options']==""){
            echo "good to embed! <p>";
        }
        else{
            echo "Denied! <p>";
        }
    }
    
    //-----------------------
    // tests
    //-----------------------
    
    // x-frame option: SAMEORIGIN
    // should deny
    // > passes
    $headerArray = get_headers('http://www.google.com',1);
    checkXFO($headerArray);
    
    // x-frame option: DENY
    // should deny
    // > passes
    $headerArray = get_headers('http://www.facebook.com',1);
    checkXFO($headerArray);
    
    //x-frame option: none
    // should accept
    // > passes
    $headerArray = get_headers('http://wikipedia.org',1);
    checkXFO($headerArray);
    
    //x-frame option: none
    // should accept
    // > passes
    $headerArray = get_headers('http://neopets.com',1);
    checkXFO($headerArray);
    
    //x-frame options: DENY
    // should deny
    // > fails
    $headerArray = get_headers('http://www.yahoo.com',1);
    checkXFO($headerArray);
    
    //x-frame option:none. Redirected x-frame options: DENY
    // should deny
    // > fails
    $headerArray = get_headers('http://www.yahoo.ca',1);
    checkXFO($headerArray);
    ?>
    

    这篇关于检测iframe src是否可显示的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！