dongxiee0744 2016-04-29 07:25
浏览 658
已采纳

视频iframe嵌入引发403最新的ios更新

We run a website that displays embedded videos. The videos are embedded via an iframe. The iframe src only allows the referrer to be the website the video is being displayed on otherwise it throws a 403. The website is responsive. Since the latest IOS(9.3 and 9.3.1) updates if you refresh one on these pages the 403 gets thrown. This happens in safari and chrome. The embed iframe is controlled by checking an array of allowed referrers using PHP

In our tests users with an earlier version of IOS do not have the same problem.

Can anyone shed any light on why this might be happening?

Thanks

Matthew

  • 写回答

1条回答 默认 最新

  • dqrnsg6439 2016-04-29 07:50
    关注

    This seems to be a bug in WebKit:

    https://bugs.webkit.org/show_bug.cgi?id=155754

    To workaround this, I'd suggest generating a random token in the 'outer' page, and appending it to the URL of the iframe (and saving it in a session or some other database). Then you could check whether an 'correct' token is sent.

    While this requires you to have both pages (the video and the 'outer page') on the same server, this solution is more secure than referrer checking, as the user could send any string in the "referrer header".

    Alternatively, simply skip the check for iOS 9.3 && 9.3.1, and hope that everybody upgrades to iOS 9.3.2 in the near future, which appears to have the bug fixed.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 c程序不知道为什么得不到结果
  • ¥40 复杂的限制性的商函数处理
  • ¥15 程序不包含适用于入口点的静态Main方法
  • ¥15 素材场景中光线烘焙后灯光失效
  • ¥15 请教一下各位,为什么我这个没有实现模拟点击
  • ¥15 执行 virtuoso 命令后,界面没有,cadence 启动不起来
  • ¥50 comfyui下连接animatediff节点生成视频质量非常差的原因
  • ¥20 有关区间dp的问题求解
  • ¥15 多电路系统共用电源的串扰问题
  • ¥15 slam rangenet++配置