Author |
Topic  |
|
Marshall
Ecommerce Template Guru
USA
1630 Posts |
Posted - 08/19/2018 : 22:00:33
|
This problem is as old as the internet. Unscrupulous websites "frame" your website then surrond the page with ads or other junk which may have a negative impact on your site, and not just in sales, but reputation as well.
It use to be a simple JavaScript to the effect <script type="text/javascript"> (function(window) { if (window.location !== window.top.location) { window.top.location = window.location; } })(this); </script> solved the problem. But with more browsers blocking automatic redirects such as this (Chrome being one) using this script is problematic. Here is an alternative. If you cannot get out of the frame, no sense letting them use your site at all. Simply place this in the <head> of your page(s) <style> html{display:none;} </style> <script> if(self == top) { document.documentElement.style.display = 'block'; } else { top.location = self.location; } </script> What this simply does is stop the display of your page's content. Yes, you might be stuck in a frame, but your content cannot be taken advantage of. I have tested this and it works like a charm. But remember, nothing is 100%.
Marshall CENLYT Productions - ms designs Affordable Web Design Custom Ecommerce Designs Responsive Websites Cenlyt.com |
|
insight
ECT Moderator
USA
4301 Posts |
|
Marshall
Ecommerce Template Guru
USA
1630 Posts |
Posted - 08/20/2018 : 07:39:21
|
Thanks Peter. Was not familiar with that one.
Marshall CENLYT Productions - ms designs Affordable Web Design Custom Ecommerce Designs Responsive Websites Cenlyt.com |
 |
|
Positivek9
Ecommerce Template Guru
USA
4061 Posts Pre-sales questions only (More Details...)
|
Posted - 08/20/2018 : 08:53:21
|
Found some info on that here:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
Julie Owned & loved by 7 German Shepherds |
 |
|
Graham Slaughter
Ecommerce Template Expert
760 Posts Pre-sales questions only (More Details...)
|
Posted - 01/09/2019 : 09:00:30
|
For those of us on a Windows server it is as simple as adding this into your web.config file: [code] <add name="Content-Security-Policy" value="frame-ancestors 'none';" /> <add name="X-Frame-Options" value="deny" /> [/code]
Those lines must appear inside [code]<configuration> <system.webserver> <httpProtocol> <customHeaders>
(lines go here)
</customHeaders> </httpProtocol> </system.webserver> </configuration>[/code]
You likely already have other bits inside your web.config, so you'll just add those lines inside the above tags and always ALWAYS test to see if your site works as errors in a web.config file will keep the entire site from loading at all. |
Edited by - Graham Slaughter on 01/09/2019 09:00:54 |
 |
|
|
Topic  |
|