Hi Michael,
How can we block a call after page=// that starts with http or https
Any external URL after the domain must be blocked
So this must NOT be possible to reach.
https://extravestiging.nl/webshop/?page=//https://ipv4.icanhazip.com/
and another example
https://extravestiging.nl/webshop/?page=//https://www.tinywebgallery.com/blog/forum/recent
Please let us know how to block this linking to external URL's
Kind Regards,
Dave Everaers
Marti Orbak Software
Hi,
To prevent this you can specify key,url pairs. Not sure this is feasible to specify all your urls here.
If you like a custom solution for this please contact me.
Best regards, Michael
Hi Michael,
We want a kind of whitelist.
The url is like:
https://bakkerboer.nl/webshop/?page=/assortiment
What we want to allow is:
?page=/assortiment
?page=/aanbiedingen
?page=/CheckoutShoppingCart
?page=/CheckoutSignOn
?page=/CheckoutOrderDeliveryMethod
?page=/CheckoutPickupLocation
?page=/CheckoutPickupDateTime
?page=/CheckoutPaymentMethod
?page=/CheckoutOrderSummary
?page=/CheckoutPaymentMollieAPI
And maybe more in the future.
With this whitelist we want to prevent to load other sites within the iframe
So this must NOT be possible:
https://bakkerboer.nl/webshop/?page=//https://www.tinywebgallery.com/blog/advanced-iframe
Kind Regards,
Dave Everaers
Hi,
you can configure this already . You can specify key value pairs. If key=value then only this ones are allowed.
Does this solve your problem?
Best regards, Michael
It is actually the same setting:
You can map an url parameter value pair to an url or pass the url directly which should be opened in the iframe. If you e.g. have a page with the iframe and you like to have different content in the iframe depending on an url parameter than this is the setting you have to use. You have to specify this setting in the following syntax "parameter|value|url" e.g. "show|1| https://www.tinywebgallery.co m". If you than open the parent page with ?show=1 than https://www.tinywebgallery.com is opened inside the iframe. You can also specify several mappings by separating them by ','.
you should not use reserved words: https://codex.wordpress.org/Reserved_Terms
so page is not good.
So one example with 2 elements with "show" is
show|/assortiment|/assortiment,show|/aanbiedingen|/aanbiedingen
?show=/assortiment will then link to /assortiment only
Best regards, Michael