| Author |
 Topic  |
|
Marshall
Ecommerce Template Guru
USA
1568 Posts |
 Posted - 08/19/2018 : 22:00:33
|
This problem is as old as the internet. Unscrupulous websites "frame" your website then surrond the page with ads or other junk which may have a negative impact on your site, and not just in sales, but reputation as well.
It use to be a simple JavaScript to the effect <script type="text/javascript">
(function(window) {
if (window.location !== window.top.location) {
window.top.location = window.location;
}
})(this);
</script> solved the problem. But with more browsers blocking automatic redirects such as this (Chrome being one) using this script is problematic. Here is an alternative. If you cannot get out of the frame, no sense letting them use your site at all. Simply place this in the <head> of your page(s) <style> html{display:none;} </style>
<script>
if(self == top) {
document.documentElement.style.display = 'block';
} else {
top.location = self.location;
}
</script> What this simply does is stop the display of your page's content. Yes, you might be stuck in a frame, but your content cannot be taken advantage of. I have tested this and it works like a charm. But remember, nothing is 100%.
Marshall
CENLYT Productions - ms designs
Affordable Web Design
Custom Ecommerce Designs
Responsive Websites
Cenlyt.com |
|
insight
ECT Moderator
USA
4213 Posts |
|
Marshall
Ecommerce Template Guru
USA
1568 Posts |
Posted - 08/20/2018 : 07:39:21
|
Thanks Peter. Was not familiar with that one.
Marshall
CENLYT Productions - ms designs
Affordable Web Design
Custom Ecommerce Designs
Responsive Websites
Cenlyt.com |
 |
|
Positivek9
Ecommerce Template Guru
USA
4061 Posts Pre-sales questions only (More Details...)
|
Posted - 08/20/2018 : 08:53:21
|
Found some info on that here:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
Julie
Owned & loved by 7 German Shepherds |
|
|
Graham Slaughter
Ecommerce Template Expert
758 Posts |
Posted - 01/09/2019 : 09:00:30
|
For those of us on a Windows server it is as simple as adding this into your web.config file:
<add name="Content-Security-Policy" value="frame-ancestors 'none';" />
<add name="X-Frame-Options" value="deny" />
Those lines must appear inside
<configuration>
<system.webserver>
<httpProtocol>
<customHeaders>
(lines go here)
</customHeaders>
</httpProtocol>
</system.webserver>
</configuration>
You likely already have other bits inside your web.config, so you'll just add those lines inside the above tags and always ALWAYS test to see if your site works as errors in a web.config file will keep the entire site from loading at all. |
Edited by - Graham Slaughter on 01/09/2019 09:00:54 |
|
|
| |
Topic |
|
Prevent your site from being "framed"
