[Django]-How to Protect third party iframe being used elsewhere

2👍

If Company X provides its service without authentication (anybody can just download it in a frame), that’s a problem on their end that you will not really be able to fix in your code. Even if you hide the actual iframe url, it will still work for anyone that has the link. But you are right, at least not all of your visitors will have it, and that may be good enough, it is a risk that can be accepted if you want to.

Your idea of putting a server in between, and your application only accessing the interim one, could actually work. This is called a reverse proxy; any web server software (Apache, nginx, IIS, etc.) can do it without much setup. So no development is needed, and hence setting it up is not a programming question.

What is a programming question is the security of this solution. You need to be aware that while this would hide the iframe URL from your users, that URL would still be valid and would work for anyone; this is an issue with Company X’s service. Also, you need to have authentication on the reverse proxy server, otherwise the new iframe URL can be copied just as well as the original one.

Also be aware that reverse proxying a complex website with lots of embedded resources and JavaScript will have its pitfalls. Depending on the actual contents, the real origin may sometimes be disclosed to your users.

0👍

You can set the response header ‘X-Frame-Options’ to ‘sameorigin’.

Please refer to this:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

It’s used to disable the iframe (except for your server).
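The two answers fit together: the first one's authenticated reverse proxy hides the upstream URL and refuses anonymous requests, and the second one's header, when set on the proxied response itself, tells browsers to render that response only inside frames served from the same origin, so a copied proxy URL embedded on another site shows nothing. Note that X-Frame-Options is enforced against the response being framed, so it has to go on the proxied widget response (or be set by Company X), not on the surrounding page. The sketch below is an added example written for this thread, not code from either answer or from Django; it is a plain WSGI app using only the standard library so it runs stand-alone, and the upstream origin, the session table and the `sessionid` cookie are constructed placeholders. In a Django project the same shape is a view behind `@login_required`, with the header supplied by `XFrameOptionsMiddleware` and `X_FRAME_OPTIONS = 'SAMEORIGIN'`.

```python
"""Authenticated reverse proxy for a third-party iframe, as a WSGI application.

Added example for this thread (not the original poster's or Django's code).
Standard library only; the upstream origin and session table are constructed.
"""
import urllib.error
import urllib.request
from http import HTTPStatus
from http.cookies import SimpleCookie
from urllib.parse import urljoin

# Hypothetical origin of Company X's widget: the URL we want to keep out of page source.
UPSTREAM_BASE = "https://widget.companyx.example/"

# Constructed session table standing in for Django's session backend:
# session cookie value -> username.
SESSIONS = {"s3ss10n-alice": "alice"}


def current_user(environ):
    """Return the logged-in user for this request, or None.

    Looks the 'sessionid' cookie up in SESSIONS. Because the iframe src is on
    our own origin, the browser sends our session cookie with the frame load,
    so the proxy can be gated exactly like any other logged-in page.
    """
    cookie = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    morsel = cookie.get("sessionid")
    if morsel is None:
        return None
    return SESSIONS.get(morsel.value)


def fetch_upstream(path):
    """Fetch `path` from the upstream origin; returns (status, content_type, body).

    Only the path is forwarded. The user's cookies and headers stay on our side,
    and the upstream URL never appears in anything the browser receives.
    """
    url = urljoin(UPSTREAM_BASE, path.lstrip("/"))
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            ctype = resp.headers.get("Content-Type", "application/octet-stream")
            return resp.status, ctype, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, "text/plain", err.reason.encode()


def make_proxy_app(fetch=fetch_upstream):
    """Build the WSGI app. `fetch` is injectable so the app can be exercised offline."""

    def app(environ, start_response):
        # 1. Authentication on the proxy itself (first answer): without it the
        #    proxied URL is just as copyable as the original one.
        if current_user(environ) is None:
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"login required"]

        status, content_type, body = fetch(environ.get("PATH_INFO", "/"))
        headers = [
            ("Content-Type", content_type),
            # 2. The header from the second answer, set on the document that is
            #    framed: browsers render it only inside frames of this same origin,
            #    so the proxied URL pasted into another site shows nothing.
            ("X-Frame-Options", "SAMEORIGIN"),
            # Same policy expressed in CSP for browsers that prefer it.
            ("Content-Security-Policy", "frame-ancestors 'self'"),
        ]
        start_response(f"{status} {HTTPStatus(status).phrase}", headers)
        return [body]

    return app


def run_request(app, path, cookie=None):
    """Drive the WSGI app in-process (no socket); returns (status, headers, body)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    if cookie:
        environ["HTTP_COOKIE"] = cookie
    captured = {}

    def start_response(status, response_headers):
        captured["status"] = status
        captured["headers"] = dict(response_headers)

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    # Serve locally; embed as <iframe src="http://127.0.0.1:8000/embed"> on a
    # page of the same origin for a logged-in user.
    from wsgiref.simple_server import make_server
    make_server("127.0.0.1", 8000, make_proxy_app()).serve_forever()
```

The proxied HTML is returned untouched, which is where the first answer's last caveat bites: relative URLs inside it resolve against the proxy and keep working, but any absolute URL to Company X's origin (scripts, images, XHR targets) bypasses the proxy and reveals the real origin, so check the widget's markup before relying on this to hide it.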
