0

For example, I have a website called www.example.com which is a parent domain. I am using frames inside it. Inside the frame, I am calling www.mail.example.com.

I need to check whether mail.example.com (the URL inside the iframe) is the same domain in which google having...

This prevents cross frame scripting. How can I achieve it?

Modals I worked out..

if (window.document.domain != top.document.domain) {
    SWGuardianWindowOpen("http://google.com", "_self", "");
}

Another:

if (self != top)
{
//redirect to the google.com
}


if (parent && parent.frames && parent.frames.length>0)

But these are not helpful...

Dinesh Kumar

1 Answer

2

You don't need JavaScript hacks if you want to prevent non-same origin pages from embedding your website.

Simply add the following tag to the <head> of your HTML document (example: http://jsfiddle.net/b28CK/show/):

<meta http-equiv="X-Frame-Options" content="SAMEORIGIN">

If you're allowed to modify the response headers of your server, you can also add the X-Frame-Options: SAMEORIGIN response header to achieve the same effect.

If you want to use JavaScript to detect the parent origin(s), then you can use location.ancestorOrigins to find out the list of parent origin(s). This only works in WebKit and Chromium-based browsers though.

Rob W
  • Can you please show a sample for location.ancestorOrigins? – Dinesh Kumar Mar 05 '14 at 03:41
  • @Kumar It is just a list of origins (ie scheme://host, eg `http://example.com`), starting from the parent frame up to the top frame. Use a for loop to enumerate the list, eg `var origins = location.ancestorOrigins; for (var i=0; i – Rob W Mar 05 '14 at 07:48
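
A sample for the `location.ancestorOrigins` check discussed in the answer and comments, as an added example that is not part of the original answer. The function names, the base domain `example.com` (taken from the question) and the origin lists are assumptions constructed for illustration. Where the browser does not expose the list, the function returns `null` and only the `X-Frame-Options` response header enforces anything.

```javascript
// Added example: names, the base domain and the sample lists are assumptions.

// True if `origin` (scheme://host[:port]) is baseDomain or one of its subdomains.
function isAllowedOrigin(origin, baseDomain) {
  let url;
  try {
    url = new URL(origin);
  } catch (e) {
    return false; // opaque origin (the string "null") or malformed value
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return false;
  const host = url.hostname.toLowerCase();
  // The leading dot keeps "evilexample.com" from matching "example.com".
  return host === baseDomain || host.endsWith("." + baseDomain);
}

// Returns the ancestor origins outside baseDomain, or null when the browser
// does not expose location.ancestorOrigins (the check cannot be made there).
function foreignAncestors(ancestorOrigins, baseDomain) {
  if (!ancestorOrigins) return null;
  const foreign = [];
  // DOMStringList and plain arrays both support length and index access.
  for (let i = 0; i < ancestorOrigins.length; i++) {
    if (!isAllowedOrigin(ancestorOrigins[i], baseDomain)) {
      foreign.push(ancestorOrigins[i]);
    }
  }
  return foreign;
}

// Constructed sample lists, ordered from the parent frame up to the top frame.
const samples = [
  ["http://www.example.com"],
  ["http://www.example.com", "https://attacker.test"],
  ["https://example.com.attacker.test"],
  ["https://evilexample.com"],
  ["null"],
];
for (const list of samples) {
  console.log(JSON.stringify(list), "->", JSON.stringify(foreignAncestors(list, "example.com")));
}

// In the framed page itself (browser only):
if (typeof location !== "undefined" && location.ancestorOrigins) {
  const foreign = foreignAncestors(location.ancestorOrigins, "example.com");
  if (foreign.length > 0) console.warn("Framed by foreign origin(s):", foreign);
}
```

The suffix match and the opaque `"null"` origin are the two cases a plain string comparison gets wrong.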