Some websites are not allowed to be embedded via iframe. They produce the following error:
Refused to display 'https://news.ycombinator.com/news' in a frame because it
set 'X-Frame-Options' to 'DENY'.
Our app allows URL submissions from users. We want to check on the server side if the website could be embedded in iframe and add a corresponding flag. On the client we check for the flag, and either do iframe embed or just provide a direct link to a webpage.
How do I check whether website will support iframe or not?
Try this code:
$url = "http://www.google.com/";
$url_headers = get_headers($url);
foreach ($url_headers as $key => $value)
{
$x_frame_options_deny = strpos(strtolower($url_headers[$key]), strtolower('X-Frame-Options: DENY'));
$x_frame_options_sameorigin = strpos(strtolower($url_headers[$key]), strtolower('X-Frame-Options: SAMEORIGIN'));
$x_frame_options_allow_from = strpos(strtolower($url_headers[$key]), strtolower('X-Frame-Options: ALLOW-FROM'));
if ($x_frame_options_deny !== false || $x_frame_options_sameorigin !== false || $x_frame_options_allow_from !== false)
{
echo 'url prevent iframe!';
}
}
X-Frame-Options is a response header sent by the server, so have your server perform an HTTP GET on the URL you'd like to test, see if the X-Frame-Options header is present, and if it is... judging by the spec you're not likely to be allowed to embed it at all.
I wrote this function:
function allowEmbed($url) {
$header = #get_headers($url, 1);
// URL okay?
if (!$header || stripos($header[0], '200 ok') === false) return false;
// Check X-Frame-Option
elseif (isset($header['X-Frame-Options']) && (stripos($header['X-Frame-Options'], 'SAMEORIGIN') !== false || stripos($header['X-Frame-Options'], 'deny') !== false)) {
return false;
}
// Everything passed? Return true!
return true;
}
Related
I have noticed that when you click on a Google Ads link, it appends this ?gclid=abcdef on url.
Same behavior goes for facebook as well.
I am using the following block of code in order to identify the referrer.
if (strpos($url, 'gclid') !== false) {
$ref = 'Google Adwords';
} else if (strpos($url, 'fbclid') !== false) {
$ref = 'Facebook';
}
Is there any other url identifiers or an other way to get the referrer url? The $_SERVER['HTTP_REFERER'] does not work.
I have two type of links which are strings taken from database:
http://www.website.com/anything-else.html
www.website.com/anything-else.html
I need ALL links to be displayed with http:// no matter what so Im using this simple code to determine whether link has http in it and if not add it:
if (strpos($links, 'http') !== true) {
$linkai = 'http://'.$links;
}
The problem is, it is adding http:// to any link no matter if it has it or not.
I tried ==false ect. Nothing works. Any ideas?
Try this
if (strpos($links, 'http') === false) {
$linkai = 'http://'.$links;
}
In strpos documentation says return value not Boolean always.
"Warning
This function may return Boolean FALSE, but may also return a non-Boolean value which evaluates to FALSE. Please read the section on Booleans for more information. Use the === operator for testing the return value of this function."
$arrParsedUrl = parse_url($links);
if (!empty($arrParsedUrl['scheme']))
{
// Contains http:// schema
if ($arrParsedUrl['scheme'] === "http")
{
}
// Contains https:// schema
else if ($arrParsedUrl['scheme'] === "https")
{
}
}
// Don't contains http:// or https://
else
{
$links = 'http://'.$links;
}
echo $links;
In my MY_Controller.php, I want to detect user device and the requested domain name. Domain names I am using on same app are: www.seeme.tld and m.seeme.tld, also I am using $this->detect().
So this is what I did:
<?php
if($this->detect->isMobile() || $_SERVER['HTTP_HOST'] === MOBILE_URL){
$this->config->set_item('base_url', MOBILE_URL);
}elseif(!$this->detect->isMobile() || $_SERVER['HTTP_HOST'] != MOBILE_URL){
$this->config->set_item('base_url', WEBSITE_URL);
}
?>
I have 2 folders in application/views folder : PC(for pc users) and Mobile(for mobile users)
In order to load views, I used this code in my fetch() function:
public function fetch($view, $data = array, $other_vars = false)
{
if(base_url() === MOBILE_URL || $this->_ci->detect->isMobile()){
$f = 'Mobile/';
}elseif(!$this->_ci->detect->isMobile() || base_url() != MOBILE_URL){
$f = 'PC/';
}
return $this->_ci->load->view($f.'contents/'.$view, $data, true);
}
When I use a mobile device or the visit m.seeme.tld with a mobile device, I get mobile contents. But when I visit visit m.seeme.tld with a PC instead of getting mobile contents, I rather get PC contents. Please help me solve this issue!
Changing config array could be problematic sometimes: How to override config's array within a controller in CodeIgniter?. Also you are doing double check (in controller and in the function).
I archieve similar behaviour with doing this way:
YOURCONTROLLER.PHP __construct():
if ($this->detect->isMobile() || $_SERVER['HTTP_HOST'] === MOBILE_URL){
define('IS_MOBILE', TRUE);
}else{
define('IS_MOBILE', FALSE);
}
then you could use to load the view:
if (IS_MOBILE) {
$view_folder = 'Mobile/';
}else{
$view_folder = 'PC/';
}
$this->load->view($view_folder.$view, $data, TRUE);
Also you could add a single checkpoint to view if the if statment is working fine:
if ($this->detect->isMobile() || $_SERVER['HTTP_HOST'] === MOBILE_URL){
define('IS_MOBILE', TRUE);
log_message('debug', 'Im mobile browser: '.$this->detect->isMobile().' or the url is mobile:'.$_SERVER["HTTP_HOST"]);
}else{
define('IS_MOBILE', FALSE);
log_message('debug', 'Im pc');
}
Hope it helps to you.
// This works only replace the '===' with '='.
thanks for the help but i got it fixed. all i did was to first detect mobile users in MY_Controller.php and redirect them to MOBILE_URL then in my fetch() i did:
if($_SERVER['HTTP_HOST'] = MOBILE_URL){
$view_folder = 'Mobile/;
}else{ $view_folder = 'Frontend/;
}
and that's it,Paam it started working.
I've working on a project and in this project i need to check the user input is a valid URL.
I've made a preg_match for all possible characters used on a URL. However, I'm trying to make it show an error if HTTP:// / HTTPS:// is not in front of the URL.
Here is what I've done.
if(preg_match('/[^0-9a-zA-Z.\-\/:?&=#%_]/', $url) || substr($url, 0, 7) != "http://" || substr($url, 0, 8) != "https://") {
But that doesn't work. It keeps giving me the an OK message. I'm not sure what I'm doing wrong here, I hope I can get some help!
The if statement will return true or false. So
if(preg_match('/[^0-9a-zA-Z.\-\/:?&=#%_]/', $url) || substr($url, 0, 7) != "http://" || substr($url, 0, 8) != "https://") {
echo "true";
} else {
echo "false";
}
I just need to check if the url has entered a valid url. I don't need to verify it. Just need to check if it has HTTP:// or HTTPS:// and contains valid URL characters.
Instead of a regex, you could make things easy on yourself and use the URL filtering in filter_var:
if (filter_var($url, FILTER_VALIDATE_URL)) { ...
Alternately you can do this without regex. Though you do also need to validate the url imagine http://">bla</a><script>alert('XSS');</script> as the value passed as there url
<?php
$url = 'http://example.com';
if(in_array(parse_url($url, PHP_URL_SCHEME),array('http','https'))){
if (filter_var($url, FILTER_VALIDATE_URL) !== false) {
//valid url
}else{
//not valid url
}
}else{
//no http or https
}
?>
parse_url()
filter_var()
You've not shown your complete relevant code. So, not sure, why it is not working for you but for url validation, you can check for a detailed discussion on the thread link below:
PHP validation/regex for URL
To validate user input with website url it is good to allow with or without scheme and with or without www, then in view add scheme to set as external url.
$withWww = 'www.' . str_replace(array('www.'), '', $value);
$withScheme = 'http://' . str_replace(array('http://', 'htttps://'), '', $withWww);
$headers = #get_headers($withScheme);
if (strpos($headers[0], '200') === false) {
return false;
}
Can someone help me with my if statement? I am trying to make two checks when people visit my website. 1st one checks the connection type if its not a Broadband connection it sends the header redirecting to google. The 2nd one checks to see if the ip address is a known proxy if so it sends the header directing to google. My problem is no matter if its a proxy or not it always sends the header, and same for the connection type no matter which one it sends the header. What am I doing wrong?
HERE ARE THE OPTIONS FOR $TYPE.
$type = "Corperate";
$type = "Dial-Up";
$type = "Broadband";
//Block based on connection type
if ($type != "Broadband") {
header('Location: http://www.google.com');
} else {
//Do Nothing
}
HERE ARE THE OPTIONS FOR $PROXY.
$proxy = "Suspected Network Sharing Device";
$proxy = "Known Proxy";
//Block based on proxy
if (strlen($proxy) > 0) {
header('Location: http://www.google.com');
} else {
//Do nothing
}
Dont both your options of $proxy have length>0 ?
I think it should be
if($proxy != "known_proxy"){
header('Location:http://www.google.com')
}
Use
if (!empty($proxy)) {
header('Location: http://www.google.com');
}
instead.
Also, I'm not even sure that is your problem since both proxy "options" are not empty strings, therefore have a strlen() > 0.
The only way that if statement will return false is if you were to do $proxy = ""