Question

I want to allow users to embed badges on their personal site or blogs with a snippet of javascript. The badge is customized on our site based on information in their profiles that at some point is "approved".

Is there a best practice to check what website the javascript is embedded on and, if it does not match the website in their "approved" profile, display nothing? If it matches, inject the HTML etc.

Thanks


Solution

Two methods come to mind immediately:

  1. Configure your server to log the "Referer" header of all requests for the javascript, and even check it against a list of approved URLs, returning an error code (403 Forbidden looks like a winner) when it does not match.

  2. Have the Javascript "call home" - reporting where it is - like so:

    // Create a tracking pixel and set its src so the browser actually fires the request;
    // encode the page URL so characters like "&" or "#" cannot break the query string.
    var etCallHome = new Image();
    etCallHome.src = "http://yoursite.com/logger?url=" + encodeURIComponent(document.location.href);
    

You could also combine both approaches for luck. :-)
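The two checks described in the answer, written out as an added example that is not part of the original answer. It uses hypothetical badge IDs, origins and a `https://yoursite.example/logger` endpoint, and is shaped as pure functions so it runs under Node without a DOM. Two caveats a practitioner will want, both illustrated in the code: compare the full origin (scheme, host, port) rather than doing a substring match on the URL, and remember that the Referer header is client-controlled and can be absent (Referrer-Policy, privacy tools), so a missing header must be treated as "not approved" rather than "probably fine".

```javascript
// Added example: origin-based approval for an embeddable badge.
// Not code from the original answers; names, IDs and endpoints are made up.

// Approved site per badge, stored as an origin (scheme + host + port),
// never as a bare substring of the URL. Constructed sample data.
const APPROVED = new Map([
  ['badge-123', 'https://alice.example.com'],
  ['badge-456', 'http://blog.example.org'],
]);

// Reduce an absolute URL to its origin; null for anything unparseable.
function originOf(url) {
  try {
    return new URL(url).origin;
  } catch (e) {
    return null;
  }
}

// Method 1 (server side): decide the response code for a request for the
// badge script from its Referer header. Exact origin comparison rejects
// hosts such as "alice.example.com.evil.test" that a substring check on
// "alice.example.com" would accept. An empty/missing Referer is refused.
function refererStatus(badgeId, referer) {
  const approved = APPROVED.get(badgeId);
  if (!approved || !referer) return 403;
  return originOf(referer) === approved ? 200 : 403;
}

// Method 2 (client side): build the call-home URL. URLSearchParams encodes
// the page URL, so "&" or "#" inside it cannot smuggle extra parameters.
function callHomeUrl(base, badgeId, pageUrl) {
  const u = new URL(base);
  u.searchParams.set('badge', badgeId);
  u.searchParams.set('url', pageUrl);
  return u.toString();
}

// Server side of method 2: parse what the badge reported and apply the same
// origin rule, so the logger and the Referer gate agree with each other.
function callHomeAllowed(loggerUrl) {
  const u = new URL(loggerUrl);
  const badgeId = u.searchParams.get('badge');
  const reported = u.searchParams.get('url');
  return refererStatus(badgeId, reported) === 200;
}

// What the embedded snippet itself does in a browser. `document` is not
// available under Node, so this returns null there instead of throwing.
function sendBeacon(badgeId) {
  if (typeof document === 'undefined') return null;
  const img = new Image();
  img.src = callHomeUrl('https://yoursite.example/logger', badgeId, document.location.href);
  return img.src;
}
```

Note that neither check is a security boundary on its own: anything the browser sends, including Referer and the reported `url`, is under the embedding page's control, so these gates stop casual copying of the badge, not a determined forger. The origin comparison at least makes sure the gate you do have is not bypassed by a lookalike hostname.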

OTHER TIPS

You could check the top url using:

    var topUrl = top.location.href;
Licensed under: CC-BY-SA with attribution