Knowing if a script is called from an iframe on another host in PHP (hopefuly without Javascript)
-
30-09-2019 - |
Question
I want to identify if a PHP script is being called inside an iframe of a different host. I could resort to using Javascript for that, but I'd like to find a JS-free solution first.
Right now I'm using this logic:
If $_SERVER['HTTP_HOST']
is not equal to the host name of $_SERVER['HTTP_REFERER']
And $_SERVER['REDIRECT_STATUS']
is defined
Then the script is being called from inside an iframe on a different host.
I know this is by no means accurate, but it passed all tests so far.
Does somebody know a better solution, an extra condition I could check to be sure of this?
Thanks.
SOLVED:
Finally, I decided to go with JS. Now the two alternative contents are each inside a <div>
and a JS script decides which one to show and which one to hide.
Solution
Does somebody know a better solution
To my knowledge not without JS, no. A referer different from HTTP_HOST
could however also mean that the page was reached through a link, and of course both fields can be easily spoofed.