Bypassing iframe busting
Recently a project required embedding a third-party site, Renren for example, inside an iframe on our page. When the front-end engineer hit a problem, I went to take a look and found that Renren does iframe busting (a script that navigates the top window away when it detects it has been framed).
After some research, the cleanest way to deal with it is to handle the bust attempt with HTTP 204.
The description of status 204 in RFC 2616 already tells you why it works:
The server has fulfilled the request but does not need to return an entity-body, and might want to return updated metainformation. The response MAY include new or updated metainformation in the form of entity-headers, which if present SHOULD be associated with the requested variant.
If the client is a user agent, it SHOULD NOT change its document view from that which caused the request to be sent. This response is primarily intended to allow input for actions to take place without causing a change to the user agent's active document view, although any new or updated metainformation SHOULD be applied to the document currently in the user agent's active view.
So, in the framing page, add the following code, which hooks onbeforeunload: every attempt by the framed page to set top.location is counted, and the interval immediately re-points top.location at a URL that answers 204. Because a 204 response must not change the document view, the browser cancels the pending navigation and the framing page stays put.
var preventBusting = 0;
window.onbeforeunload = function() { preventBusting++; };
setInterval(function() {
  if (preventBusting > 0) {
    preventBusting -= 2;
    window.top.location = 'http://yourwebserver/attacker';
  }
}, 0.5);
If you use Apache, add the following after alias_module so that the path answers with 204 (a non-3xx status takes no URL argument):
RedirectMatch 204 attacker(.*)$
With nginx it is much the same:
location = /attacker { return 204; }
Tested; it works.
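The caveat for anyone defending a site: the trick above only defeats JavaScript frame busting. Browsers enforce the X-Frame-Options and Content-Security-Policy frame-ancestors headers before any script in the framed page runs, so a 204 response cannot cancel them. The following nginx configuration is an added example, not part of the original post; the hostname and paths are assumptions.

```nginx
# Added example: server-side anti-framing that the HTTP 204 trick cannot defeat.
# Hostname and document root are assumptions for illustration.
server {
    listen 443 ssl;
    server_name www.example.com;   # assumed

    # Weak setting: no header at all, relying only on a JS frame buster in the
    # page body. As shown above, the framing page can cancel the top.location
    # navigation with onbeforeunload plus a 204 response.

    # Strong setting: let the browser refuse to render the page in a frame.
    # Legacy header, still widely honoured:
    add_header X-Frame-Options "DENY" always;
    # Modern equivalent; 'none' forbids all framing. To permit a partner,
    # list its origin instead, e.g. "frame-ancestors 'self' https://partner.example".
    add_header Content-Security-Policy "frame-ancestors 'none'" always;

    location / {
        # Note: an add_header inside a location replaces, rather than extends,
        # the server-level headers, so keep anti-framing headers at server level
        # or repeat them here.
        root /var/www/html;   # assumed
    }
}
```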