checking to see if WE is running in an iFrame or not

is there a way for a WE app to determine if it is being loaded in a iFrame or not? I have an WE app that I want to force to be loaded only from a particular website in a particular iFrame/page.


Look up the X-Frame-Options HTTP header. It won’t help when NOT loaded in an IFrame, but if so, most browsers will respect it. As for forcing in an IFrame, I’m not aware of a way.

You could look at the HTTP_REFERRER. If it’s not the page you want the WE app embedded in, bail out to an error page. I do this with a clock widget that is enabled on, but not on However, I did that in the .cgi file for a CGI deployment rather than in the WE app itself. If I built it today, it would be stand-alone, and the check would be in the app.

Not sure that Chrome (and webkit-based browsers) support X-Frame-Options ALLOW-FROM “some.domain” statements…?

They do not. It’s not a perfect option, but a perfect option does not exist.

Thanks for confirming i agree