Question
We have an mp3 player that runs via an iFrame, not our choice but thats how we're stuck with it. We want to prevent other people simply embedding the iframe on their site.
What would be the best way to do this? We're running nginx so no .htaccess. The mp3 player is made up of php files and we need to keep running it in an iframe.
Is there anyway to lock the specific mp3 players php file (in this case html5player.php) to only be able to be executed on our server or domain name? Surely there is a way to do that in nginx? But then of course, if they embed the iFrame it will think it IS running on our server anyway wont it?
Everything solution I've thought of has fallen down somewhere along the way, so input much appreciated.
Solution
You can check the URL of the parent window within the iframe, and check if it matches your domain or not... and then accordingly display the mp3 player or deny access.
use the following in the javascript inside the iframe:
https://stackoverflow.com/questions/14735162
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianif(top.location.href == "http://mysite.com"){
//display mp3 player
}
//or don't display mp3 player
