I have a page that I am sending into an iframe. The iframe itself is being conditionally displayed based on logic in the back end. Is it possible for only the iframe to be able to display the page?
Basically I want to be able to call the page from within the iframe, but a person who accesses the URL directly will get redirected or blocked.
You can check the Referer header and serve the page only if it matches the URL of the document that contains the iframe. But this will foil only a user browsing casually to the direct URL. In general the answer is no, you have no control over how the user agent is going to display the content.
If you really need to do this, generate the parent document dynamically so that it contains a URL for the iframe with an embedded random one-time token. Have the iframe content be generated by a script that checks for the validity of the one-time token before delivering the page, and deletes the token from the database at the same time. You will have to make the iframe content uncacheable and you will likely encounter side effects related to caching that cause the page to break for legitimate users from time to time.
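
The one-time-token scheme described in the answer above, as an added example that is not part of the original answer. The in-memory dictionary stands in for the database, and the paths `/parent` and `/frame`, the query parameter `t`, and the 30-second lifetime are assumptions made for illustration.

```python
import secrets
import threading
import time
from urllib.parse import parse_qs

TOKEN_TTL = 30          # seconds a token stays valid (assumed value)
_tokens = {}            # token -> expiry time; stands in for the database table
_lock = threading.Lock()

def issue_token(now=None):
    """Create a random one-time token when the parent page is rendered."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    with _lock:
        _tokens[token] = now + TOKEN_TTL
    return token

def redeem_token(token, now=None):
    """Check and delete in one step so a token can never be used twice."""
    now = time.time() if now is None else now
    with _lock:
        expiry = _tokens.pop(token, None)
    return expiry is not None and now <= expiry

def app(environ, start_response):
    """Minimal WSGI app: /parent embeds the token, /frame requires it."""
    path = environ.get("PATH_INFO", "")
    if path == "/parent":
        status = "200 OK"
        body = '<iframe src="/frame?t=%s"></iframe>' % issue_token()
    elif path == "/frame":
        token = parse_qs(environ.get("QUERY_STRING", "")).get("t", [""])[0]
        if redeem_token(token):
            status, body = "200 OK", "<p>framed content</p>"
        else:
            status, body = "403 Forbidden", "<p>direct access blocked</p>"
    else:
        status, body = "404 Not Found", ""
    # The framed page must not be cached, or a stale copy bypasses the check.
    headers = [("Content-Type", "text/html; charset=utf-8"),
               ("Cache-Control", "no-store")]
    start_response(status, headers)
    return [body.encode("utf-8")]

def fetch(path, query=""):
    """Call the app in-process; returns (status, headers, body)."""
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    body = b"".join(app({"PATH_INFO": path, "QUERY_STRING": query}, start_response))
    return seen["status"], seen["headers"], body.decode("utf-8")
```

Because the token is consumed on first use, reloading the frame on its own returns 403 until the parent page is rendered again, which is one of the side effects the answer warns about.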