I have a page whose URL is something like this:https://example.com/home/inicio.php
Inside I have a link, when I click on it, it loads another page in an iframe that is on my same site, for example:https://example.com/home/contacto.php
For the demo, the link points to Wikipedia.
<ul>
<li>
<!--
<a href="contacto.php" target="iframe_a">CLIC</a>
-->
<a href="https://www.wikipedia.org" target="iframe_a">CLIC</a>
</li>
</ul>
<iframe src="example.com" name="iframe_a" height="200px" width="100%" title="Iframe Example"></iframe>
Now, I know that anyone could just right click on the link and open it in another tab . I need that when this happens, the page home/contacto.php
detects that it is not inside the iframe on the page home/inicio.php
and denies me access, hides or does not allow me to interact, or shows me a minimal alert.
Searching the site, I found this very question , but the supposed answer doesn't make it clear how to do it.
It occurs to me that the structure <ul><li><a>...
of the page home/inicio.php
is a form that passes me an identifier to the iframe page through the POST method, and if it doesn't find it (by accessing it directly), it blocks access.
Any ideas?
If the iframe contains a PHP you can do it by putting this at the beginning of contact.php like so:
where:
although that does not guarantee you other access attempts through cURL or similar that can trick headers, but at least you get rid of those of the right button.
More info about HTTP_SEC_FETCH_DEST