I'm new to iframes and their security flaws. I have website A that needs to be embedded on an iframe on a list of websites. Here is the interesting part.
I know some places do this with some sort of tokenization system. Does anyone know or have some good references to do this?
well, you can't prevent people from framing your website because you don't control their code.
however, you could:
use a framebuster to bust your site to top level (exit from iframe and into main window).
check the parent window's url (the url of the site framing your site). it works only if same domain, meaning if another domain is iframing you, you can't get the parent url ("aha! someone's framing your site!"). if you CAN get the url, the top site is from your domain. the only thing you need to do after that is to check if that site is part of your trusted sites in your domain.
©2020 All rights reserved.