I want to allow users to embed badges on their personal site or blogs with a snippet of javascript. The badge is customized on our site based on information in their profiles that at some point is "approved".
我想允许用户使用一小段javascript在他们的个人网站或博客上嵌入徽章。徽章是在我们的网站上根据他们的个人资料中的信息定制的,在某些时候是“已批准”。
Is there a best practice to check what website the javascript is embedded on and if it does not match the website in their "approved" profile display nothing. If it matches inject the html etc.
是否有最佳做法来检查javascript嵌入在哪个网站上,如果它与“已批准”配置文件中的网站不匹配则不显示任何内容。如果它匹配注入html等。
Thanks
2 个解决方案
#1
1
Two methods come to mind immediately:
立即想到两种方法:
-
Configure your server to log the "Referer" header of all requests for the javascript and even check it against a list of approved urls, and return an error code (
403 Forbidden
looks like a winner).配置您的服务器以记录所有javascript请求的“Referer”标头,甚至根据批准的URL列表进行检查,并返回错误代码(403 Forbidden看起来像赢家)。
-
Have the Javascript "call home" - reporting where it is - like so:
让Javascript“回家” - 报告它在哪里 - 像这样:
var etCallHome = new Image(); etCallHome = "http://yoursite.com/logger?url="+document.location.href;
You could also combine both approaches for luck. :-)
你也可以结合两种方法来获得好运。 :-)
#2
0
You could check the top url using:
您可以使用以下方法检查顶部网址:
var topUrl = top.location.href;
#1
1
Two methods come to mind immediately:
立即想到两种方法:
-
Configure your server to log the "Referer" header of all requests for the javascript and even check it against a list of approved urls, and return an error code (
403 Forbidden
looks like a winner).配置您的服务器以记录所有javascript请求的“Referer”标头,甚至根据批准的URL列表进行检查,并返回错误代码(403 Forbidden看起来像赢家)。
-
Have the Javascript "call home" - reporting where it is - like so:
让Javascript“回家” - 报告它在哪里 - 像这样:
var etCallHome = new Image(); etCallHome = "http://yoursite.com/logger?url="+document.location.href;
You could also combine both approaches for luck. :-)
你也可以结合两种方法来获得好运。 :-)
#2
0
You could check the top url using:
您可以使用以下方法检查顶部网址:
var topUrl = top.location.href;