How to protect the site from a direct transition?

N

netz-sanya2014-04-30 21:17:12

PHP

netz-sanya, 2014-04-30 21:17:12

The bottom line is this: there is an iframe application Vkontakte site address let it be site.com.
How to make it so that when you enter the site through Vkontakte using an iframe, its contents are displayed, and if you go to the site directly (type the address in the browser) or enter the address in the iframe (and pass any parameters to it) on your site (local computer), then this user was "redirected" to, for example, vk.com/app123456?
Preferably using php (js).

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

M

m-haritonov, 2014-05-01
@netz-sanya

<!DOCTYPE html>
<html>
<head>
  <meta http-equiv="content-type" content="text/html; charset=utf-8" />
  <title></title>
  <script type="text/javascript">
    if (window.top === window)
      window.top.location = 'http://vk.com/app123456';
  </script>
</head>
<body>
test
</body>
</html>

N

Nikita Gusakov, 2014-04-30
@hell0w0rd

You need to take the referer value. In php it is in $_SERVER['HTTP_REFERER']
But be aware that this value can be faked, it's just a header inside the http request.
It is also possible that the contact sends some of its headers, or simply does not give access to the js API - here you can already see from the JS side