is there a way for a WE app to determine if it is being loaded in a iFrame or not? I have an WE app that I want to force to be loaded only from a particular website in a particular iFrame/page.
thanks.
Look up the X-Frame-Options HTTP header. It won’t help when NOT loaded in an IFrame, but if so, most browsers will respect it. As for forcing in an IFrame, I’m not aware of a way.
You could look at the HTTP_REFERRER. If it’s not the page you want the WE app embedded in, bail out to an error page. I do this with a clock widget that is enabled on Solarug.com, but not on StudioStable.com. However, I did that in the .cgi file for a CGI deployment rather than in the WE app itself. If I built it today, it would be stand-alone, and the check would be in the app.
Not sure that Chrome (and webkit-based browsers) support X-Frame-Options ALLOW-FROM “some.domain” statements…?
They do not. It’s not a perfect option, but a perfect option does not exist.
Thanks for confirming i agree