Sun, 26/07/2009 - 19:00 — horuskol

I recently helped another developer looking for a way to only allow access to one site from an iframe on another. Ideally, this would be done with the HTTP_REFERRER header, but this isn't always set by the browser, and so would prevent too many people from seeing the content properly.

My solution was simply to use a time-based key that could be generated on the site containing the iframe and tested on the remote server before allowing access to the content.