Skip to content

sanils2002/react-iframe-secure-embed

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

7 Commits
build
build
Β 
Β 
node_modules
node_modules
Β 
Β 
public
public
Β 
Β 
src
src
Β 
Β 
.gitignore
.gitignore
Β 
Β 
LICENSE
LICENSE
Β 
Β 
README.md
README.md
Β 
Β 
iframe-test.html
iframe-test.html
Β 
Β 
package-lock.json
package-lock.json
Β 
Β 
package.json
package.json
Β 
Β 
tsconfig.json
tsconfig.json
Β 
Β 

Repository files navigation

Iframe Secure Embed React App

A React application that demonstrates iframe detection functionality with security guards and access control.

Features

  • πŸ” Iframe Detection: Automatically detects if the app is running inside an iframe
  • πŸ›‘οΈ Security Guard: Restricts access based on iframe context
  • πŸ”§ Development Mode: Bypasses restrictions in development for easier testing
  • πŸ“ Referrer Validation: Optional validation of allowed parent domains
  • 🎨 Modern UI: Clean, responsive design with real-time status indicators

Project Structure

react-iframe-secure-embed/
β”œβ”€β”€ src/
β”‚   β”œβ”€β”€ components/
β”‚   β”‚   β”œβ”€β”€ IframeGuard.tsx      # Main guard component
β”‚   β”‚   └── AccessBlocked.tsx    # Access denied screen
β”‚   β”œβ”€β”€ hooks/
β”‚   β”‚   └── useIframeDetection.ts # Iframe detection logic
β”‚   β”œβ”€β”€ App.tsx                  # Main application
β”‚   β”œβ”€β”€ App.css                  # Component styles
β”‚   β”œβ”€β”€ index.tsx                # React entry point
β”‚   └── index.css                # Global styles
β”œβ”€β”€ public/
β”‚   └── index.html               # HTML template
β”œβ”€β”€ package.json                 # Dependencies
β”œβ”€β”€ tsconfig.json                # TypeScript config
└── README.md                    # This file

How It Works

1. Iframe Detection (useIframeDetection.ts)

The custom hook uses multiple detection methods:

  • Window comparison: Checks if window !== window.top
  • Parent validation: Verifies window.parent !== window
  • Referrer checking: Validates document.referrer
  • Cross-origin detection: Attempts to access parent properties

2. Access Control (IframeGuard.tsx)

The guard component provides:

  • Loading state: Shows verification message during detection
  • Error handling: Displays security errors if detection fails
  • Development bypass: Allows access in development mode
  • Referrer validation: Checks allowed parent domains
  • Access blocking: Shows blocked message for unauthorized access

3. Visual Feedback (AccessBlocked.tsx)

Professional access denied screen with:

  • Clear warning icon and message
  • Status code indication
  • Responsive design
  • Customizable messaging

Installation & Setup

  1. Install dependencies:

    cd react-iframe-secure-embed
npm install

  2. Start development server:

    npm start

  3. Build for production:

    npm run build

Usage Examples

Basic Usage

import { IframeGuard } from './components/IframeGuard';

function App() {
  return (
    <IframeGuard>
      <YourProtectedContent />
    </IframeGuard>
  );
}

Advanced Configuration

<IframeGuard
  bypassInDevelopment={true}
  allowedReferrers={['example.com', 'trusted-domain.com']}
  customBlockedMessage="Custom access denied message"
>
  <YourProtectedContent />
</IframeGuard>

Hook Only Usage

import { useIframeDetection } from './hooks/useIframeDetection';

function MyComponent() {
  const { isInIframe, isLoading, error } = useIframeDetection();
  
  if (isLoading) return <div>Loading...</div>;
  if (error) return <div>Error: {error}</div>;
  
  return (
    <div>
      {isInIframe ? 'Running in iframe' : 'Running standalone'}
    </div>
  );
}

Configuration Options

IframeGuard Props

Prop Type Default Description
children ReactNode - Content to protect
allowedReferrers string[] [] Allowed parent domains
bypassInDevelopment boolean true Skip restrictions in dev mode
customBlockedMessage string - Custom access denied message

Detection Hook Return

Property Type Description
isInIframe boolean Whether app is in iframe
isLoading boolean Detection in progress
error string | null Error message if detection fails

Testing the Functionality

Development Mode

  • Run npm start - access is allowed by default
  • Check console for detection logs

Production Mode

  1. Build the app: npm run build
  2. Serve the build: npx serve -s build
  3. Direct access will be blocked
  4. Create an HTML file with iframe:
<!DOCTYPE html>
<html>
<head>
    <title>Iframe Test</title>
</head>
<body>
    <h1>Testing Iframe Detection</h1>
    <iframe 
        src="http://localhost:3000" 
        width="800" 
        height="600"
        style="border: 1px solid #ccc;">
    </iframe>
</body>
</html>

Security Considerations

  • Cross-origin safety: Handles cross-origin iframe restrictions
  • Multiple detection methods: Reduces false positives/negatives
  • Referrer validation: Optional additional security layer
  • Development bypass: Configurable for different environments
  • Error handling: Graceful fallbacks for detection failures

Browser Compatibility

  • βœ… Chrome 60+
  • βœ… Firefox 55+
  • βœ… Safari 12+
  • βœ… Edge 79+

License

MIT License - feel free to use in your projects!

Contributing

  1. Fork the repository
  2. Create a feature branch
  3. Make your changes
  4. Add tests if applicable
  5. Submit a pull request

Support

If you encounter any issues or have questions:

  1. Check the console for detection logs
  2. Verify your iframe setup
  3. Test in different browsers
  4. Check network/security settings

Note: This is a demo application showcasing iframe detection techniques. Adapt the security measures according to your specific requirements and threat model.

About

React App as a Secure Iframe Embed

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages