Is there a client-side way to detect X-Frame-Options?

后端未结

关注

 8  726

温柔的废话 2020-12-28 12:16

Is there any good way to detect when a page isn\'t going to display in a frame because of the X-Frame-Options header? I know I can request the page serverside and look for

8条回答

暖寄归人 (楼主)

2020-12-28 12:45
Disclaimer: this answer I wrote in 2012(Chrome was version ~20 at that time) is outdated and I'll keep it here for historical purposes only. Read and use at your own risk.

Ok, this is a bit old question, but here's what I found out (it's not a complete answer) for Chrome/Chromium.

the way do detect if a frame pointing to a foreign address has loaded is simply to try to access its contentWindow or document.

here's the code I used:
```
element.innerHTML = '';
myframe = $(element).find('iframe');
```
then, later:
```
try {
    var letstrythis = myframe.contentWindow;
} catch(ex) {
    alert('the frame has surely started loading');
}
```
the fact is, if the X-Frame-Options forbid access, then myFrame.contentWindow will be accessible.

the problem here is what I called "then, later". I haven't figured out yet on what to rely, which event to subsribe to find when is the good time to perform the test.
0 讨论(0)

查看其它8个回答
发布评论:

提交评论
- 加载中...