问题
F.e. I have such code
index.html
<html>
<head>
<meta charset="utf-8">
</head>
<body>
<iframe src="iframe.html"></iframe>
</body>
</html>
iframe.html
<html>
<head>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.js"></script>
</head>
<body>
<script>
$.get("http://badsite.com");
$.get("http://goodsite.com");
</script>
</body>
</html>
As you can see iframe make two request and how can I block requests to http://badsite.com What I need to use js, php, or should configure my server or change my .htaccess file?
回答1:
HTML5 introduces the sandbox attribute on the iframe that, disables JavaScript loading and execution.
回答2:
Set up a CSP with connect-src.
You can't block badsite specifically, but you can allow only goodsite (or a list of sites that includes goodsite).
Your HTTP response headers for iframe.html should include:
Content-Security-Policy: connect-src http://goodsite.com http://different-goodsite.com
You could also use a meta element.
<meta http-equiv="Content-Security-Policy" content="connect-src http://goodsite.com http://different-goodsite.com">
来源:https://stackoverflow.com/questions/54256101/how-can-i-block-request-thats-come-out-from-iframe