Any config tricks to stop site from framing us?
mrvisser at gmail.com
Tue Dec 3 21:56:50 UTC 2013
Sorry I misinterpreted your question. The header does not support
specifying specific hosts, for example, that you want to allow
ensure window.parent.location.href matches some pattern or list of
hosts. I haven't implemented anything like that before, though.
Hope that helps,
On Tue, Dec 3, 2013 at 4:49 PM, Branden Visser <mrvisser at gmail.com> wrote:
> On Tue, Dec 3, 2013 at 4:46 PM, Ian Evans <ianevans at digitalhit.com> wrote:
>> On 2013-12-03 16:32, Branden Visser wrote:
>>> If they're using an iframe rather than a proxy then IP tricks won't help.
>>> Using the X-FRAME-OPTIONS header is probably your best bet 
>>> Hope that helps,
>> Thanks. Just did a cursory look, but does the header allow some sites to
>> frame? e.g. letting stumbleupon do it but not others?
> No I don't believe that's the case. If the browser supports it, it
> *should* stop anyone from iframing, but you're under the mercy of the
> browser implementation AFAIK -- so maybe Google's Chrome has some big
> money deals with service providers like stumbleupon, for example (pure
> speculation). There are other options listed in there such as
> "parent" frame. So you can also have a secondary check like that.
>> nginx mailing list
>> nginx at nginx.org
More information about the nginx