How do I get the siteURL calling my page when it is loaded in an iFrame?
https://stackoverflow.com/questions/1284838
-
18-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Is it as easy as $ENV{'HTTP_REFERER'}? or is there something else that I need to do?
Example: My Site: sample.php
Calling Site w/iFrame: somesite.com
I want sample.php when it loads to be able to use "somesite.com" for input as a variable.
Solution
There is no difference between an inline frame and a normal page. And loading an inline frame initially with src will send the HTTP referer.
OTHER TIPS
First of all, your page must not depend on the Referer being present nor correct : it is an information that is sent by the browser, and can either :
- be disabled (some firewall/antivirus remove that information, for instance -- or did sometime ago)
- or be altered / faked (if you search a bit, there must be some firefox extension that allow you to fake this pretty easily, for instance)
For more informations, see, for instance :
These posts both "agree" with me ^^
Now, you can enventually use it to add some feature ; but you must not rely on it for your website to work ;-)
For a truly reliable way to access the parent URL, you can add a GET parameter to the iframe src containing the parent URL when you embed it. You can use Javascript to add this automatically along with the embed.
Here's an example that embeds the iframe at the end of the <body> tag:
var iframe = document.createElement('iframe');
iframe.src = '/sample.php?parent=' + window.location;
document.body.appendChild(iframe);
You can then access the parent URL reliably from PHP with:
$parent_url = $_GET['parent'];
As Pascal MARTIN mentioned, you shouldn't trust the Referer value absolutely.
Expanding on Gumbo's answer: since the Referer is transmitted as a header within an HTTP Request retrieving it within a script loaded in an <iframe> is exactly the same as retrieving it for any other script.
When the browser requests the page specified by the src attribute in the <iframe> it will submit an HTTP request like that for any other resource and will include the Referer header value.
The value of the Referer header will contain the URL of the page hosting the <iframe>. So if you had a PHP script named page-with-iframe.php and it contained <iframe src="sample.php" /> the HTTP request for sample.php might look something like:
GET /sample.php HTTP/1.1
Host: somesite.com
...
Referer: http://somesite.com/page-with-iframe.php
In sample.php you would use $ENV{'HTTP_REFERER'} to retrieve the value and from there you can parse out the hotname somesite.com.
