check http header to see if url can be loaded in iframe

Question

I need to detect if a url can be loaded into iframe, and if not the url needs to be opened in next tab.

I tried to download the header for given url and check X-Frame-Options header value.

Here's what I tried:

$(document).on('opening', '.link-modal', function(e) {
    var target = $(e.target);
    var url = target.attr('data-izimodal-iframeURL');

    console.log(isIframeDisabled(url));
});

function isIframeDisabled($src) {
    try {
        $headers = get_headers($src, 1);
        // return $headers;
        $headers = array_change_key_case($headers, CASE_LOWER);
        // Check Content-Security-Policy
        if(isset($headers[strtolower('Content-Security-Policy')])){
            return true;
        }
        // Check X-Frame-Options
        if(isset($headers[strtolower('X-Frame-Options')] &&
            (strtoupper($headers['X-Frame-Options']) == 'DENY' ||
                strtoupper($headers['X-Frame-Options']) == 'SAMEORIGIN')
            ))
        {
            return true;
        }
    } catch ( e ) {
        // Ignore error
    }
    return false;
}

This function always gives false even though some urls are loading into iframe.

It seems that code inside try-catch is not being run.

The code in the ```try {}``` statement is being executed. I guess that one of your mutliple string manipulation functions is working not as expected and their output is always different to what you are comparing it. Please provide mor information on how your methods work. — noChance, May 20 '19 at 11:51

check http header to see if url can be loaded in iframe

0 Answers0