0

I am trying to enclose phpmyadmin into an iframe on my website. However, when the user is not logged in, the browser redirects into the full link. It only embeds into the iframe when user is already signed in.

  <div class="row">
        <iframe src="http://nypgis.com/phpmyadmin/index.php" height="1000" width="1650" seamless="seamless"></iframe>
  </div>
user1999806
  • 681
  • 1
  • 5
  • 10

1 Answers1

0

You cannot use an iframe to access phpMyAdmin, since there is a CSRF protection system :

You can see in the source of phpMyAdmin's login page <script src="./js/cross_framing_protection.js" type="text/javascript"></script>

var topdomain=top.document.domain;
if(topdomain!=self.document.domain)
{
    alert("Redirecting...");
    top.location.replace(self.document.URL.substring(0,self.document.URL.lastIndexOf("/")+1))
}
Laurent W.
  • 3,629
  • 2
  • 20
  • 29
  • If i were to comment this script out, will it have serious repercussions? – user1999806 Dec 23 '13 at 09:37
  • Even if it should work, you should never alter source code from third party giving you security protections. – Laurent W. Dec 23 '13 at 09:43
  • I understand it may be vulnerable to cross-frame scripting attacks or clickjacking. It is running on a virtual machine only for local development purposes so that is fine with me. – user1999806 Dec 23 '13 at 09:59