Any config tricks to stop site from framing us?
Branden Visser
mrvisser at gmail.com
Tue Dec 3 21:49:42 UTC 2013
On Tue, Dec 3, 2013 at 4:46 PM, Ian Evans <ianevans at digitalhit.com> wrote:
> On 2013-12-03 16:32, Branden Visser wrote:
>>
>> If they're using an iframe rather than a proxy then IP tricks won't help.
>>
>> Using the X-FRAME-OPTIONS header is probably your best bet [1]
>>
>> Hope that helps,
>> Branden
>>
>> [1] http://stackoverflow.com/questions/2896623/how-to-prevent-my-site-page-to-be-loaded-via-3rd-party-site-frame-of-iframe
>
>
> Thanks. Just did a cursory look, but does the header allow some sites to
> frame? e.g. letting stumbleupon do it but not others?
>
No, I don't believe that's the case. If the browser supports it, it
*should* stop anyone from iframing, but you're at the mercy of the
browser implementation AFAIK -- so maybe Google's Chrome has some big
money deals with service providers like stumbleupon, for example (pure
speculation). There are other options listed in there such as
JavaScript tricks to verify the "self" frame is the same as the
"parent" frame. So you can also have a secondary check like that.
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
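The secondary "self frame versus parent frame" check mentioned in the reply, written out as an added example that is not part of the original thread. It assumes the server already sends the header (in nginx, `add_header X-Frame-Options SAMEORIGIN;`) and that the page ships with a `<style id="antiFrame">` rule hiding the body; `isTopLevel`, `frameGuard`, and the `antiFrame` id are names made up for this sketch.

```javascript
// Added example: client-side fallback to pair with the X-Frame-Options
// response header. The header is the primary control; this script only
// covers browsers that ignore it.

// Returns true when `win` is the top-level browsing context.
function isTopLevel(win) {
  try {
    return win.self === win.top;
  } catch (e) {
    // Touching `top` threw: treat the page as framed (fail closed).
    return false;
  }
}

// Assumption: the page includes
//   <style id="antiFrame">body { display: none !important; }</style>
// so nothing is rendered until this check has passed.
function frameGuard(win) {
  if (isTopLevel(win)) {
    // Not framed: remove the hiding rule so the page becomes visible.
    const cloak = win.document.getElementById('antiFrame');
    if (cloak && cloak.parentNode) cloak.parentNode.removeChild(cloak);
    return 'shown';
  }
  try {
    // Framed: ask the outer window to load this page directly.
    win.top.location = win.self.location.href;
    return 'redirected';
  } catch (e) {
    // Navigation refused (for example a sandboxed frame): body stays hidden.
    return 'hidden';
  }
}

// Run only in a browser; under Node `window` is undefined.
if (typeof window !== 'undefined') frameGuard(window);
```

Because the body is hidden by default, a framed copy that cannot navigate the outer window still shows nothing.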